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(57) Abstract 



A netwoik switch for switching packets from a source to a destination includes a source port for receiving an incoming packet from 
a source, a destination port which contains a path to a destination for the packet, and a filter unit for constructing and applying a filter to 
selected fields of the incoming packet The filter unit further includes filtering logic for selecting desired fields of the incoming packet and 
copying selected field information therefrom. The filtering logic also constructs a field value based upon the selected fields, and applies a 
plurality stored field masks on the field value. The switch additionally includes a rules table which contains a plurality of rules therein. 
The filtering logic is configured to perform lookups of the rules table in order to determine actions which must be taken based upon the 
result of a comparison between the field value and the stored filter masks and the roles table lookup. 
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TITLE OF THE INVENTION: 
NETWORK SWITCH 

REFERENCE TO RELATED APPLICATIONS : 
5 This application claims priority of United States Provisional Patent 

Application Serial No. 60/124,878, filed on March 17. 1999, U.S. Provisional 
Patent Application Serial No. 60/135,603, filed on May 24, |999, and United 
States Provisional Patent Application Serial No. 60/149,706, filed on August 
20, 1999. This application is a continuation-in-part (CIP) of United States 
1 0 Patent Application Serial No, 09/343,409. filed on June 30, 1 999. The subject 
matter of these earlier filed applications is hereby incorporated by reference. 

BACKGROUND OF THE INVENTION : 

Field of the Invention: 
1 5 The invention relates to a method and apparatus for high performance 

switching of data packets in local area communications networks such as 

token ring. ATM, Ethernet, fast Ethernet, and gigabit Ethernet environments. 

all of which are generally known as LANs. In particular, the invention relates 

to a new switching architecture in an integrated, modular, single chip solution, 
20 which can be implemented on a semiconductor substrate such as a silicon 

chip. 

} Description of the Related Art: 

The present invention advances network switching technology in a 
switch suitable for use in Ethernet, fast Ethernet, gigabit Ethernet, and other 
25 types of network environments which require high performance switching of 
data packets or data cells. A switch utilizing the disclosed elements, and a 
system performing the disclosed steps, provides cost and operational 
advantages over the prior art. 
SUMMARY OF THE INVENTION : 
30 The present invention is directed to a switch-on-chip solution for a 

networic switch, capable of use at least on ethernet, fast ethernet, and gigabit 
ethemet systems, wherein all of the switching hardware is disposed on a 
single microchip. The present invention is configured to maximize the ability 
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of packet-forwarding at linespeed, and to also provide a modular configuration 
wherein a plurality of separate modules are configured on a common chip, 
and wherein individual design changes to particular modules do not affect the 
relationship of that particular module to other modules in the system. 

The present invention, therefore, is related a network switch for 
switching packets from a source to a destination, where the network switch 
includes a source port for receiving an Incoming packet from a source, a 
destination port which contains a path to a destination for the packet, and a 
filter unit for constructing and applying a filter to selected fields of the 
Incoming packet. The filter unit further includes filtering logic for selecting 
desired fields of the incoming packet and copying selected field information 
therefrom. The filtering logic also constructs a field value based upon the 
selected fields, and applies a plurality stored field masks on the field value. 
The switch additionally includes a rules table which contains a plurality of 
rules therein. The filtering logic is configured to perform lookups of the rules 
table in order to detemnine actions which must be taken based upon the result 
of a comparison between the field value and the stored filter masks and the 
rules table lookup. 

The present invention is also directed to a method for filtering packets 
on a network switch, wherein the method Includes the step of receiving a 
packet on a port of a network switch. After receiving the packet, the method 
perfomris address resolution based upon a source address and a destination 
address in the Incoming packet and applies at least one mask to a field value 
In the packet to create a filter value. The filter value Is concatenated with at 
least one predetermined packet field to create a search key and a rules table 
is searched with the search key to determine if a match exists. The method 
then includes the step of performing acfion as specified by the rules table 
based upon a match of the search key with a rules table entry. 

Additionally, the present Invention is related to a network switch for 
network communications where the network switch includes a first data port 
Interface, wherein the first data port Interface supports a plurality of data ports 
for transmitting and receiving data at a first data rate. The network switch 
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also includes a second data port interface, wherein the second data port 
interface supports a plurality of data ports for transmitting and receiving data 
at a second data rate, along with a third data port interface for transmitting 
and receiving data at a third data rate. A CPU interface is provided and 
5 configured to communicate with a CPU. The switch includes a first internal 
memory communicating with the first data port interface, the second data port 
interface, and the third data port interface. A first memory management unit 
having an external memory interface for communicating data from at least 
one of the first data port interfaces and the second data port interface to and 

10 from an external memory is also provided. A second internal memory is 
provided, the second internal memory communicating with the third data port 
interface. A second memory management unit is provided and used to 
control access to and from the second internal memory. A communication 
channel is provided for communicating data and messaging information 

15 between the first data port interface, the second data port interface, the third 
data port interface, the first internal memory, and the first memory 
management unit. The first memory management unit directs data from one 
of the first data ports, the second data ports, and the third data ports to one 
of the internal memory and the external memory interfaces according to a 

20 predetermined algorithm. 

Further, the present invention is related to a network switch for 
switching packets from a source to a destination, wherein the network switch 
includes a source port for receiving an incoming packet from a source, a 
destination port that contains a path to a destination for the packet, and a 

25 programmable counter unit for counting a number of packets of selected 
packet types which are received by the switch. 

Additionally, the present invention relates to a network switch stack 
configuration, where the configuration includes a first network switch having 
a plurality of data ports, a first stacking port, and a first CPU interface. 

30 Additionally, the present invention includes a second network switch having 
a plurality of data ports, a second stacking port, and a second CPU interface. 
A common CPU is connected to the first CPU interface and the second CPU 
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interface, such that the first stacking port and the second stacking port are 
communicatively connected. Therefore incoming packets on any of the 
plurality of data ports on the first and second switches can be effectively 
switched to any of the plurality of data ports on either of the first and second 
network switches. 

Further, present invention directed to a method of switch ing^packets in 
a network switch, wherein the method includes the steps of receiving a packet 
on a source port of a network switch. Thereafter, the method includes the 
step of determining whether the network switch has sufficient memory 
capacity to process the data packet; and if memory capacity is sufficient, then 
the method reads a selected portion of the packet to determine if the packet 
is to be sent to a mirrored port. If mirroring is determined, then the method 
sends the data packet to the mirrored port. The method also includes the 
step of determining whether the packet is to be sent to a remote CPU for 
further handling, and sending the data packet to the remote CPU if 
appropriate. The method additionally includes the step of determining 
whether the packet is a unicast packet, and if so, placing the packet on an 
internal communication channel within the network switch for appropriate 
storing and forwarding. If the packet is not a unicast packet, then the method 
determines if the packet is a multicast packet. If the packet is determined to 
be a multicast packet, then performing simultaneous lookups and switching 
using layer 2 lookup tables and addresses, and layer 3 lookup tables and 
addresses, thereby providing hybrid multicast handling of the packet. 
The present invention is related to a method for searching a table in a network 
switch, wherein the method includes the steps of dividing a primary 
lookup table into a first sub table and a second sub-table, searching the first 
sub-table with a first search engine, and simultaneously searching the second 
sub-table with a second search engine. 

The present invention further includes a method for searching a 
primary address table within a network switch, wherein the method uses the 
steps of dividing the primary address table into a first and second address 
sub-tables, storing even numbered memory address locations from the 
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primary address table within the first address sub-table in sorted order, and 
storing odd numbered memory address locations from the primary address 
table within the second address sub-table in sorted order. Thereafter the 
method includes the steps of searching the first address sub-table with a first 
5 search engine, and simultaneously searching the second address sub-table 
with a second search engine. 

The present invention also provides a network switch for network 
communications, wherein the network switch includes a primary lookup table, 
the primary lookup table being divided into a first lookup sub-table and a 

10 second lookup sub-table, each of the first and second lookup sub-tables 
having a plurality of memory address locations therein for storing entries. A 
first search engine is provided, wherein the first search engine is 
communicating with the first and second lookup sub-tables. A second search 
engine is also provided, and the second search engine is also communicating 

15 with the first and second lookup sub-tables. The switch is configured such 
that the first search engin searches the first lookup sub-table for a first desired 
entry, and ifthe first desired entry is notfound within the first lookup sub-table, 
then the first search engine is configured to search within the second lookup 
table. Further, the second search engine is configured to search the second 

20 lookup sub-table for a second desired entry, and if the second desired entry 
is not found within the second lookup sub-table, then the second search 
engine is configured to search within the first lookup sub-table. 

The present invention additionally provides a network switch for 
network communications having at least one data port interface operating to 

25 transmit data packets through the network switch, wherein the at least one 
data port interface has at least one address lookup table and at least one 
address search engine positioned therein. The at least one search engine 
being in communication with the at least one address lookup table. A CPU 
interface is provided, and the CPU interface is configured to communicate 

30 with a CPU, At least one memory structure is provided, and the at least one 
memory structure in communication with the at least one data port interface. 
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A communication channel is provided, the communication channel being 
configured to transmit data and messaging information between the at least 
one data port interface, the CPU interface, and the at least one memory 
structure. 

BRIEF DE SCRIPTIOM O F THE DRAWlKiric 

The objects and features of the invention will be more readily 
understood with reference to the following description and the attached 
drawings, wherein: 

Figure 1 is a general block diagram of elements of a network switch as 
discussed herein; 

Figure 2 is a more detailed block diagram of the network switch; 
Figure 3 illustrates the data flow on the CPS channel of the network 

switch; 

Figure 4A illustrates demand priority round robin arbitration for access 
to the C-channel of the network switch; 

Figure 4B illustrates access to the C-channel based upon the round 
robin arbitration illustrated in Figure 4A; 

Figure 5 illustrates P-channel message types; 

Figure 6 illustrates a message fomnat for S channel message types; 

Figure 7 is an illustration of the OSI 7 layer reference model; 

Figure 8 illustrates an operational diagram of an EPIC module; 

Figure 9 illustrates the slicing of a data packet on the ingress to an 
EPIC module; 

Figure 10 is a detailed view of elements of the MMU; 
Figure 1 1 illustrates the CBM cell format; 

Figure 1 2 illustrates an internal/external memory admission flow chart; 
Figure 13 illustrates a block diagram of an egress manager 76 
illustrated in Figure 10; 

Figure 14 illustrates more details of an EPIC module; 

Figure 15 is a block diagram of a fast filtering processor (FFP); 

Figure 16 Is a block diagram of the elements of CMIC 40; 
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Figure 17 illustrates a series of steps which are used to program an 

FFP; 

Figure 1 8 is a flow chart illustrating the aging process for ARL (L2) and 
L3 tables; 

Figure 19 illustrates comnnunication using a trunk group according to 
the present invention; 

Figure 20 is a table listing numerous fields for various packet types; 

Figures 21 A and 21 B illustrate a filter mask format and a field mask 
format, respectively; 

Figure 22 is a flow chart which illustrates the formation and application 
of a filter mask; 

Figure 23 illustrates an example of a fomnat for a rules table; 

Figure 24 illustrates a format for an IP multicast table; 

Figure 25 is a flow chart illustrating handling of an IP multicast packet; 

Figure 26 illustrates an embodiment of stacked SOC switches 10; 

Figures 27A and 27B illustrate alternate embodiments of stacked SOC 
10 configurations; 

Figure 28 is a detailed view of the functional modules of IPIC 90; 

Figure 29 illustrates packet handling for packets coming in to the high 
performance interface of IPIC 90; 

Figure 30 is a diffserv-to-COS mapping table; 

Figure 31 illustrates the configuration of the offsets; 

Figure 32 is a primary flowchart for the filtering/metering logic; 

Figure 33 is a flowchart of the partial match logic; 

Figure 34 is a flowchart of the in-profiie action logic; 

Figure 35 is a flowchart of the partial match action logic for bits 3-6; 

Figure 36 is a flowchart of the partial match action logic for bits 1 , 0, 
and 10; 

Figure 37 is a flowchart of the in-profile action logic for bits2, 8, and 9; 
Figure 38 illustrates a first configuration of an address table and a 
search engine; 
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Figure 39 illustrates a second configuration of two address tables and 
two search engines; 

Figure 40a illustrates a first example of address entries stored in an a 
single address table; 

Figure 40b illustrates a second example of address entries stored in 
two separate sorted address tables; 

Figure 41a illustrates a third example of address entries stored In a 
single address table; 

Figure 41 b illustrates a fourth example of address entries stored in two 
separate sorted address tables; 

Figure 42 is a flowchart of the In-profile action logic for bits 11-13; 

Figure 43 is a flowchart of the mirrored port/final FFP actions; 

Figure 44 is a flowchart of the out-profile action logic; 

Figure 45 is a flowchart of the data flow of an incoming packet; 

Figure 46 is a flowchart of the differentiated services logic; and 

Figure 47 is a flowchart expanding step 46-4. 
DETAILED DESCRIPTIO N OF THE PREFERRED EMBODIMENTS 

As computer performance has increased in recent years, the demands 
on computer networks has significantly increased; faster computer processors 
and higher memory capabilities need networks with high bandwidth 
capabilities to enable high speed transfer of significant amounts of data. The 
well-known Ethernet technology, which is based upon numerous IEEE 
Ethernet standards, is one example of computer networking technology which 
has been able to be modified and improved to remain a viable computing 
technology. A more complete discussion of networking systems can be 
found, for example, in SWITCHED AND FAST Ethernet, by Breyer and Riley 
(Zifl^-Davis, 1996), and numerous IEEE publications relating to IEEE 802 
standards. Based upon the Open Systems Interconnect (OSI) 7-layer 
reference model, network capabilities have grown through the development 
of repeaters, bridges, routers, and, more recently, "switches", which operate 
with various types of communication media. Thickwire. thinwire, twisted pair, 
and optical fiber are examples of media which has been used for computer 



wo 00/56024 

PCT/USOO/06942 

9 

ne^vcrKs. Switches, as ,hey relate to computer networKing and to Ethernet 
are hardware-based devices which control the flow ofdata packets or 

basedupondestinationaddressintormationwhichisavailahleineachpcr 
A properly designed and implemented switch should ^ capabte of re« v ng 
5 a pace and switching the pacKet to an appropriate output port atTha ^ 
efe red to w,respeed or linespeed. which is maximum speed capabi^ 
he parfcular network. Basic Ethernet wirespeed is up to ,0 megabits pe 
second and Fast Ethemet is up to 100 megabKs per second 

0 mlr " °'*'^"^""«"'« <'^'^ overa network ata rate o,up to 1 OOO 

megab^spersecond. As speed has increased, design constraints a d deln 
recu,rements have become more and more complex with respect to Jow^ 

r:rtirr:rr:r^"^~-'--- 

m.m„,„ . ^ ^"^^^ '^"^'^^ high speed 

hTn ? """""^ ^'ow. and requires 

hardware^nven refresh. The speed of DRAMs, therefore, as buffer meZ ' 

Furthemnore. external CPU involvement should be avoided since CPU 
-olvement also makes i. almost Impossible to operate «;e slh a' 
espee . AdditionaiV, as network switches have become more any more 

omp cated w«h respect to requiring rules tables and memory contrT a 
complex mu«,.chlp solution is necessary which requires logl circuit;^ 
sometimes referred to as glue k,gic circuity, to enabl^ the va/ous c^^To 
commun,ca.e with each other. Additionally, cost/benefit tradeot a e 
nece«.a,y w«, respect to expensive but fast SRAMs versus Inexpensive but 

^ow DRAMS. Addlt,onally.ORAMs.byvi,tueo,thelrdynamionatu7e™ 

dtrT?™'""'' "-^^'"•'--'--^"'-of.sZ: 
do no, suffer from the refresh requirement, and have reduced ope,a«o„a 

overhead Which compared toDRAMssuchasellminationofpagemfeJe" 
A«h0U9h DRAMS have adequate speed when accessing 'oLons onte 
same page, speed is reduced when other pages must be accessed 
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Referring to the OSI 7-layer reference model discussed previously, and 
illustrated in Figure 7. the higher layers typically have more infomnation. 
Various types of products are available for performing sv^itching-related 
functions at various levels of the OSI model. Hubs or repeaters operate at 
5 layer one. and essentially copy and "broadcast" incoming data to a plurality 
of spokes of the hub. Layer two switching-related devices are^ypically 
referred to as multiport bridges, and are capable of bridging two separate 
networks. Bridges can build a table of forwarding rules based upon which 
MAC (media access controller) addresses exist on which ports of the bridge, 
1 0 and pass packets which are destined for an address which is located on an 
opposite side of the bridge. Bridges typically utilize what is known as the 
"spanning tree" algorithm to eliminate potential data loops; a data loop is a 
situation wherein a packet endlessly loops in a network looking for a particular 
address. The spanning tree algorithm defines a protocol for preventing data 
15 loops. Layer three switches, sometimes referred to as routers, can fonward 
packets based upon the destination network address. Layer three switches 
are capable of teaming addresses and maintaining tables thereof which 
correspond to port mappings. Processing speed for layer three switches can 
be improved by utilizing specialized high performance hardware, and off- 
20 loading the host CPU so that instruction decisions do not delay packet 
forwarding. 

Figure 1 illustrates a configuration wherein a switch-on-chip (SOC) 1 0. 
in accordance with the present invention, is functionally connected to extemal 
devices 1 1 . extemal memory 12. fast Ethernet ports 13. and gigabit Ethemet 
25 ports 15. Forthepurposesofthisembodiment.fastEthernetports13wHlbe 
considered low speed Ethemet ports, since they are capabte of operating at 
speeds ranging from 10 Mbps to 100 Mbps, white the gigabit Ethemet ports 
15. which are high speed Ethemet ports, are capable of operating at 1000 
Mbps. External devices 11 could include other switching devices for 
30 expanding switching capabilities, or other devices as may be required by a 
particular application. Extemal memory 12 is additional off-chip memory, 
which is in addition to internal memory which is located on SOC 10. as will be 
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discussed below. CPU 52 can be used as necessary ,o program SOC 10 with 
rules which are appropriatetocontrol packet processing. However, once SOC 
10 ,s appropriately programmed or configured, SOC 10 operates, as much as 
possible, ,n a free running manner without communicating with CPU 52 
Because CPU 52 does not control every aspect of the operation of SOC 1 0 
CPU 52 perfomiance requirements, at least with respect to SOC1 0, are fairly 
low. A less powerful and therefore less expensive CPU 52 can therefore be 
used When compared to known network switches. As also will be discussed 
below, SOC 10 util^es externa, memory 12 in an efficient manner so «,at«ie 
cost and perfomiance requirements of memory 12 can be reduced Internal 
memory on SOC 10. as will be discussed below, is also configured to 
maximize switching throughput and minimize costs. 

It Should be noted that any number of fast Ethernet ports 1 3 and 
gigabit Eth^net ports 15 can be provided. In one embodiment, a maximum 
of 24 fast Ethernet ports 13 and 2 gigabit ports 15 can be provided. Similarly 
additronal interconnect links to additional external devices 11, external 
memory 12, and CPUs 52 may be provided as necessary 

Figure 1 also illustrates that SOC 10 includes various internal modular 
components, such as at least one Ethernet port interface controller (EPIC) 20 
a Plurality of which will be referred to as 2Qa, 20b,...20x, a plurality of gigabil 
port interface controllers (GPIC) 30. referred to herein as 30a. 30b,...30x an 
internet port interface controller (IPIC) 90, a common buffer pool (CBP) 50 
a memory management unit (MMU) 70, and a CPU management interface 
controller (CMIC) 40. CPS channel 80 runs through SOC 10. and enables 
communication between the modular elements of SOC 10 

Figure 2 illustrates a more detailed block diagram of the functional 
elements of SOC 10. As evident from Figure 2 and as noted above. SOC 10 
.ncludes a plurality of modular systems on-chip, with each modular system 
although being on the same chip, being functionally separate from the other 
modularsystems. -nterefbre, each module can efficiently operate in parallel 
other modules, and this configuration enables a significant amount of 
•reedom m updating and re-engineering SOC 1 0. 
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20b 20e ^ "'"7:" ^'"™"'>'<"E'herne,Pomn.erface Controllers 20a 
a CPU M ' ' °' ""^ '"'^^^^ 3°-. 30b, etc 

50 a MerT"' ^ '--°'V Pooi 

external Global Buffer Memory Pool (GBP) 60. The CPS channel 80 
^nnpnses C channel 81 , P channel 82, and S channel 83. The CPS ht ne 

Channel which glues or ImerconneCs the various modules .cgefher Is also 
lus.ra,edinngure2,alsoln.uded.sln.erne.port,n,erface™^^^^ 
90, Which includes a plurality of tables 91, and networK bufTer pool (NBr S 
.hereupon. Also, included in ,P,c 90, and discussed later are a p ur'^ of 
components associated with enablino IPir on , ^ 
swftohes or „th». ° with other 

g^rr K ? "^"^"'^ - Wgh performance Interface IPIC 

90 enables high efficiency stacking configurations to be created 

As will be discussed below, each EPIC 20a. 20b. and 20c generallv 
eferred to as EPIC 20. and GPIC 30a and 30b. generally referred to as GP^' 

three sw«ch,ng tables 21a, 21b, 21c. 31a. 31b. rules tabtes 22a. 22b 22^ 
31a. 31b, and VI^N tables 23a, 23b 23c 31a 3ik . J. 

9enerallyreferredtoas21,31.22.32.23.:3^^:i:re^^^^^^^^^^^ 

arrays where,n each array has (x -y) „,eniory storage locations therein 

fast Etl^rt ^"^'"^"^ """^ ^""'^ '"«"«°n. each EPIC 20 supports 8 
m tTa ports 13. and switches packets to and/or from these ports as 

fte^f The ' r ''^ '^"^ «° - °*e' side 

r^:^' ^ ""^""^ ^^'"^ '"'-'f- C^M"). Which enabi 

•he direc medium connec«on to SOC 10. As is known in the art. autj 
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negotiation is an aspect of fast Ethernet, wherein the network is capable of 
negotiating a highest communication speed between a source and a 
destination based on the capabilities of the respective devices. The 
communication speed can vary, as noted previously, between 10 Mbps and 
100 Mbps; auto-negotiation capability, therefore, is built directly into each 
EPIC module. The address resolution logic (ARL) and layer three tables 
(ARL/L3) 21a, 21b, 21c, rules table 22a, 22b. 22c. and VLAN tables 23a, 23b, 
and 23c are configured to be part of or interface with the associated EPIC in 
an efficient and expedient manner, also to support wirespeed packet flow. 

Each EPIC 20 has separate ingress and egress functions. On the 
ingress side, self-initiated and CPU-initiated learning of level 2 address 
information can occur. Address resolution logic (ARL) is utilized to assist In 
this task. Address aging is built in as a feature, in order to eliminate the 
storage of address information which is no longer valid or useful. EPIC 20 
also carries out layer 2 mirroring. A fast filtering processor (FFP) 141 (see 
Fig. 14) is incorporated into each EPIC and GPIC, in order to accelerate 
packet forwarding and enhance packet flow. The ingress side of each EPIC 
and GPIC, illustrated in Figure 8 as ingress submodule 14, has a significant 
amount of complexity to be able to properly process a significant number of 
different types of packets which may come in to the port, for linespeed 
buffering and then appropriate transfer to the egress. Functionally, each port 
on each module of SOC 10 has a separate ingress submodule 14 associated 
therewith. From an implementation perspective, however, in order to 
minimize the amount of hardware implemented on the single-chip SOC 10, 
common hardware elements in the silicon will be used to implement a plurality 
of ingress submodules on each particular module. The configuration of SOC 
10 discussed herein enables concurrent lookups and filtering, and therefore, 
allows for processing of up to 6.6 million packets per second. Layer two 
lookups, layerthree lookups, and filtering occur simultaneously to achieve this 
level of performance. On the egress side, the EPIC is capable of supporting 
packet polling based either as an egress management or class of service 
(COS) function. Rerouting/scheduling of packets to be transmitted can occur, 
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as well as head-of-llne (HOL) blocking notification, packet aging, cell 
reassembly, and other functions associated with Ethernet port interface. 

Each GPIC 30 is similar to each EPIC 20, but supports only one gigabit 
Ethernet port, and utilizes a port-specific ARL table, rather than utilizing an 
ARL table which is shared with any other ports. Additionally, instead of an 
RMII, each GPIC port interfaces to the network medium utilcfing a gigabit 
media independent interface (GMII). 

CMIC 40 acts as a gateway between the SOC 10 and the host CPU. 
The communication can be, for example, along a PCI bus. or other 
acceptable communications bus. CMIC 40 can provide sequential direct 
mapped accesses between the host CPU 52 and the SOC 10. CPU 52, 
through the CMIC 40. will be able to access numerous resources on SOC 10, 
including MIB counters, programmable registers, status and control registers, 
configuration registers. ARL tables, port-based VLAN tables, IEEE 802.1q 
VLAN tables, layer three tables, rules tables. CBP address and data memory, 
as well as GBP address and data memory. Optionally, the CMIC 40 can 
include DMA support, DMA chaining and scatter-gather, as well as master 
and target PCI64. 

Common buffer memory pool or CBP 50 can be considered to be the 
on-chip data memory. In one embodiment. CBP 50 is first level high speed 
SRAM type memory, to maximize performance and minimize hardware 
overhead requirements. CBP 50 can have a size of. for example. 720 
kilobytes running at 132 MHZ. Packets stored in the CBP 50 are typically 
stored as a series of linked cells, rather than packets. The packets are stored 
and moved within SOC 1 0 as cells, and reassembled as packets before being 
sent out on appropriate egress ports. As illustrated in the figure. MMU 70 also 
contains the Common Buffer Manager (CBM) 71 thereon. CBM 71 handles 
queue management, and is responsible for assigning cell pointers to incoming 
cells, as well as assigning common packet IDs (CPIDs) once the packet is 
fully written into the CBP. CBM 71 can also handle management of the on- 
chip free address pointer pool, control actual data transfers to and from the 
data pool, and provide memory budget management. 
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Global memory buffer pool or GBP 60 acts as a second level memory, 
and can be located on-chip or off chip. In one embodiment, GBP 60 is 
located off chip with respect to SOC 10. \A/hen located off-chip, GBP 60 is 
considered to be a part of or all of external memory 12. As a second level 
5 memory, the GBP does not need to be expensive high speed SRAMs, and 
can be a slower less expensive memory, such as DRAM. Th^ GBP is tightly 
coupled to the MMU 70, and operates like the CBP in that packets are stored 
as cells. For broadcast and multicast messages, only one copy of the packet 
is stored in GBP 60. 

10 As shown in the figures, MMU 70 is located between GBP 60 and CPS 

channel 80, and acts as an external memory interface. In order to optimize 
memory utilization. MMU 70 includes multiple read and write buffers, and 
supports numerous functions including global queue management, which 
broadly includes assignment of cell pointers for rerouted incoming packets, 

15 maintenance of the global FAP, time-optimized cell management, global 
memory budget management, GPID assignment and egress manager 
notification, write buffer management, read prefetches based upon egress 
manager/class of service requests, and smart memory control. 

As shown in Figure 2, the CPS channel 80 is actually three separate 

20 channels, referred to as the C-channel, the P-channel. and the S-channel. 
The C-channel is 128 bits wide, and runs at 132 MHZ. Packet transfers 
between ports occur on the C-channel. Since this channel is used solely for 
data transfer, there is no overhead associated with its use. The P-channel or 
protocol channel is synchronous or locked with the C-channel. During cell 

25 transfers, the message header is sent via the P-channel by the MMU. The P- 
channel is 64 bits wide, and runs at 132 MHZ. 

The S or sideband channel runs at 132 MHZ. and is 32 bits wide. The 
S-channel is used for functions such as for conveying Port Link Status, 
receive port full, port statistics, ARL table synchronization, memory and 

30 register access to CPU and other CPU management functions, and global 
memory full and common memory full notification. 
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A proper understanding of the operation of SOC 1 0 requires a proper 
understanding of the operation of CPS channel 80. Referring to Figure 3 It 
can be seen that in SOC 10. on the ingress, packets coming in to an EPIC or 
GPIC are sliced by the EPIC 20 or GPIC 30 into 64-byte cells. The use of 
cells on-chip Instead of packets makes it easier to adapt the SOC toworkwith 
c^H based protocols such as, for example. Asynchronous Tr^psfer Mode 
(ATM). Presently, however, ATM utilizes cells which are 53 bytes long with 
48 bytes for payload and 5 bytes for header. In the SOC. incoming panels 
are sliced into cells which are 64 bytes long as discussed above, and the cells 
are further divided into four separate 16 byte cell blocks CnO..,Cn3 Locked 
With the C-channel is the P-channel. which locks the opcode in 
synchronization with CnO. A port bit map is inserted into the P-channel during 
the phase Cm . The untagged bit map is inserted into the P-channel during 
Phase Cn2. and a time stamp is placed on the P-channel in Cn3 
independent from occurrences on the C and P-channel. the S-channel is used 
as a sideband, and is therefore decoupled from activiUes on the C and P- 
channel. 

IPIC 90 communicates with CPS channel 80 and functions essentially 
like a port. Packets coming into the IPIC from the outside of SOC 10 would 
either be coming from another IPIC module on another SOC 1 0. or from other 
^nks through a high perfom,ance interface. The IP.C. therefo,^ is 
d,s .nguishable from an EPIC module 20. since each EPIC will typically have 
a Plurality of ports, while the IPIC has a single port. As will be discussed in 
more detail, the IPlC includes an internal memory buffer called the network 
^""^1!°°' °' "^"'^ """^ in Figures 1 and 2 as NBP 92 

Vt^M T trr"'" " """"'"^ °' '^"'^^ P-^-' "-"""g. as a 
Vl^ Table 802.1q, trunking tables, etc. IPIC 90 does not have ARL tables 

s-nce tt» destination port number will be available in the module header' 
Packets which come in to SOC 10 through either an EPIC 20 or a GPIC 3o' 
wh«h are des«ned for IPIC 90, are not stored in the CBP or GBP. bu, instead 
are routed to and stored in NBP 92 within IPIC 90 itself. 
Cell or C-Channel 
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Arbitration for the CPS channel occurs out of band. Every module 
(EPIC, GPIC, IPIC, etc.) monitors the channel, and matching destination ports 
respond to appropriate transactions. C-channel arbitration is a demand priority 
round robin arbitration mechanism. If no requests are active, however, the 
5 default module, which can be selected during the configuration of SOC 10, 
can park on the channel and have complete access thereto^ If all requests 
are active, the configuration of SOC 10 is such that the MMU is granted 
access every other cell cycle, and EPICs 20. GPiCs 30. and IPIC 90 share 
equal access to the C-channel on a round robin basis. Figures 4A and 4B 

10 illustrate a C-channel arbitration mechanism wherein section A is the MMU. 
and section B consists of two GPICs. three EPICs. and one IPIC. The 
sections alternate access, and since the MMU is the only module in section 
A. it gains access every other cycle. The modules in section B, as noted 
previously, obtain access on a round robin basis. 

15 The C channel 81 arbitration scheme, as discussed previously and as 

illustrated in Figures 4A and 4B, is Demand Priority Round-Robin. Each I/O 
module. EPIC 20. GPIC 30, CMIC 40, and IPIC 90. along with the MMU 70. 
can initiate a request for C channel access. If no requests exist at any one 
given time, the default module established with a high priority gets complete 

20 access to the C channel 81. If any one single I/O module or the MMU 70 
requests C channel 81 access, that single module gains access to the C 
channel 81 on-demand. 

If EPIC modules 20a, 20b. 20c. and GPIC modules 30a and 30b, IPIC 
90, and CMIC 40 simultaneously request C channel access, then access is 

25 granted in round-robin fashion. For a given arbitration time period each of the 
I/O modules would be provided access to the C channel 81. For example, 
each GPIC module 30a and 30b would be granted access, followed by the 
EPIC modules, and finally the CMIC 40. After every arbitration time period 
the next I/O module with a valid request would be given access to the C 

30 channel 81 . This pattern would continue as long as each of the I/O modules 
provide an active C channel 81 access request. 
Protocol or P-Channel 
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Referring once again to the protocol or P-channel, a plurality of 
messages can be placed on the P-channel in order to properly direct flow of 
data flowing on the C-channel. Since P-channel 82 is 64 bits wide, and a 
message typically requires 128 bits, two smaller 64 bit messages are put 
together in order to form a complete P-channel message. The following list 
identifies the fields and function and the various bit counts pf the 128 bit 
message on the P-channel. 

IP/IPX Bits - 2 bits long - IP/IPX Bits - contains information on Pacl<et 
Type. Value 0 - is L2 switched Pacl<et. Value 1 - The packet is IP 
Switched Packet. Value 2 - The packet is IPX Switched Packet. Value 
3 - The packet is IP Multicast Packet. 

Next Cell - 2 bits long - Next Cell has this unique requirement to satisfy 
Cell header: Value 01 - If the valid bytes in this cell between 1 to 16. 
Value 02 - If the valid bytes in this cell are between 17 to 32. Value 03 
- If the valid bytes in this cell are between 33 to 48. Value 00 - If the 
valid bytes In this cell are between 49 to 64. For the First cell all four 
cycles are valid. 

Src Dest Port - 6 bits long - The Port Number which sends the 
Message or receive the message. The interpretation of Source or 
Destination depends on Opcode. 

Cos - 3 bits long - COS - Class of Sen/ice for this packet. 

J Bit - 1 bit long - J bit in the message identifies that the Packet is a 

Jumbo Packet. 

S Bit - 1 bit long - S bit is used to identify that this is the first cell of the 
Packet. When S bit is set all four cycles are valid. 
E Bit - 1 bit long - E Bit is used to identify that this is the last cell of the 
Packet. If E bit is set then the length field contains the number of valid 
bytes in the transfer. 

CRC Bits - 2 bits long - Value 0x01 - is Append CRC Bit. If it is set 
then the egress Port should append the CRC to the packet. Value 
0x02 - is Regenerate CRC Bit. If this bit is set then the egress Port 
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Should regenerate CRC. Value 0x00- no change in CRC. ValueOxOS 
- unused. 

P Bit - 1 bit long - If this bit is set then MMU should Purge the entire 
Packet. 

Len - 7 bits long - The Len Bits is used to identify the valid number of 
bytes in this transfer. This field is valid for every cell. 
O Bits - 2 bits long - Optimization Bits are provided for CPU so that it 
can process the packet more efficiently. Value 0 - Not Used Value 1 - 
IS set v^hen the packet is send to the CPU as a result of C Bit set in the 
Default Router Table. Value 2 - Frame Type Mismatch - ,„f,is bi, is 
set then IPX Frame Packet Type does not match the Packet Type in 
the IPX L3 Table. Value 3 - Reserved. 

Bc/Mc Bitmap - 31 bits long - Broadcast and Multicast Bitmap This 
field identifies all the egress ports, the packet should be sent to 
UnTagged Bits/Source Port (bit 0..5) - 31/5 bits long - It the opcode 
IS 0x02, that is. the packet is being transferred from Port to MMU then 
fh« field is interpreted as Untagged Bitmap. But if the opcode is 0x01 
that .s, the packet is being transferred from MMU to Egress Port then 
the last 6 bits Of this field is interpreted as Source Port field. Untagged 
Brts - This bits identifies all the egress ports which is suppose to Strip 
the Tag Header. Source Port (bit 0..5) - The Source Port Number i e 
the port number on which this packet has entered the switch 
U B.t - 1 bit long - u Bit - This field has meaning only if the opcode is 
0X01 , that IS, the packet is being transfened from MMU to Egress If 
th.s bi, is set then the packet should go out of the port as Untagged 
«hat,s, MAC has to do the Tag stripping. ' 
ITme Stamp - 14 bits long - Time Stamp is a 14 bit running counter, 
"^■ch the system puts in this field when the packet arrives. Time 
Stamp IS implemented with the granularity of 1 usee 
Wan w 12 bits long - Vlan Identifier Note. In Orion^A all the packets 
the CP Channel are transmitted as Tagged Packet, i.e. the VLAN 
■s sent along with the packet where as in Orion-SM VLM Id is 
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passed on the Pohanne.. Tha, means any paoke. (untagged or 
tagged) will go as is on Cell Ct.annel. 

me matched RIter I, .He pacKet Has to go to CPU as a result o, Filter 

MSB bit 4^ Z " ° °' ''"^ " *e 

^^Zll'l " ' " ^ • ''""^ -^^^ <"« ^ 1 I. 

CPU Opcodes - 18 bits long - CPU Opcodes: We have provided 

these b,tsforefficientprocessing of thepacket by the CPU. These bits 
are set if the packet is sen. to the CPU for various reasons The 
following opcodes are defined: BK 0 - Filter Match 81, - This bit is se, 
as a result of Filter match and one o, the Action of the fmer is to send 

n^he P : r ' - " '""^ ^' 

-n the ARL Table, or 2) CM Bit is se. in the PVl^N .able and it's a SLF ' 
or 3) the .ncoming VLAN Id is not found in 802. 1 Q VLAN Table Bit 2 - 
Th,s bi, is se. if the Source Routing Bit is bi. 40 of the Source Mac 
Address. Bi. 3 - This bi. is se. if 1, ifs a Destination lookup failure or 
^ bene ,s L3 station Movement. Bit 4 - Control Frame Bit - This b« is 
se. rf .he Packe. is a BPDU. GVRP, GMRP or one of tt,e Reserved 
ad resses. Bi. 5 - IP Packet Bi, - This bi, is se. if the Packet needs to 

oe IP switched. Bit 6 - IPX Packe^t Rit tk.v k * - 

racKei Bit - This bit is set if the Packf^t 

^eeds to be IPX switched. Bit 7 - IP Options Present Bit - This bi, is 

T,P ^ » ^ ■ - Class 

D IP Mutticast Packet. Bit 9 - This bi, is set if TTL is zero or less after 

a Brr"*- " ^'"^^ - P^c^e. is 

PacT^'l ' ' " ■ -^"'^ - - ■« 'he 

•"acket IS a Multicast Packet. 

used only for Layer 3 Swifched - IP Mulflcas. Packets. This field 
contains the new ,P checksum calculated by ,ng,«ss after 
decrementing the TTL fieW. 
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C Bit -1 bit long - Control Bit - The Control Bit identifies whether this is 
a Control frame or a data frame. This bit is set to 1 for Control Frame 
and is set to 0 for data frame. 

Mod Opcodes - 3 bits long - Mod Opcodes - are used to identify the 
5 Packet Type. Value 00 - identifies that the packet is a unicast Packet 

and the Egress Port is uniquely identified by Module^ld Bitmap (only 
one bit will be set in this field) and the Egress Port Number. Value 01 - 
identifies that the Packet is a Broadcast or Destination Lookup Failure 
(DLF) and is destined to Multiple Ports on the same Module or multiple 

10 ports on different Modules. The Egress port is not a valid field in this 

scenario. Value 02 - identifies that the packet is a multicast packet 
and is addressed to multiple ports. Value 03 - identifies that the 
Packet is a IP Multicast Packet and is addressed to Multiple Ports. 
TGID - 3 bits long - TGID Bits - TGID identifies the Trunk Group 

15 Identifier of the Source Port. This field is valid only if T bit is set. 

T - 1 bit long - T Bit - If this bit is set then TGID is a valid field. 
MT Module Id - 5 bits long - MT Module Id is "Mirrored-To" Module Id. 
This field is used to send the packet to a "mirrored-to" port, which is 
located on a remote Module. This field is valid only if M bit is set. 

20 M Bit - 1 bit long - M Bit - If this bit is set then MT Module Id is a valid 

field. 

Remote Port - 6 bits long - Remote Port is the Port Number on the 
remote module, which is suppose to receive this packet. 
Src Port - 6 bits long - Source Port is the Source Port of the Packet. 
25 PFM Bits - 2 bits long - PFM Bits is the Port Filtering Mode of the 

Source Port. This bits are valid only for Multicast Packet. 
Mod Id Bitmap - 32 bits long - The Bitmap of all the modules that 
should get this Packet. 

The opcode field of the P-channel message defines the type of 
30 message currently being sent. While the opcode is currently shown as having 
a width of 2 bits, the opcode field can be widened as desired to account for 
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new types of messages as may be defined In ,he Wure. Graphically 
however, .he P-ohanne, message ,ype denned ahove Is shown in 

An early ,em,lnation message Is used to Indicate to CBM 71 that the 
ourrent paCe, Is to be terminated. During operation, as discuss J TSe 
detail below, me status bit (S, field In the message is set to Indfeate the 
to p r^ the current paCet from memory. Also In response to*e statusT^ 

tirr "'^^^ - ~ p- .o 

define Tf'l "'^^^^ ^ ^«ed above 

d^ne the dest,na,lon and source port addresses, respectively. Each field s 
6 bits w^e and theretore allows for the addressing of sixty-four ports 

The CRC field of the message Is two bits wide and defines CRC 

itsTpo": T ^" — - ^ 

egress port shou d append a CRr tr. ^ x 

HHena a UK(^ to the current packet. An earess nnrt 

would append a CRC to the cunent pacKet when bit 0 of the CRC fi^d s^" 

ii^zr ' °' - 

associated egress port should regenerate a CRC for the current packet An 
egress port would regenerate a CRC when bit 1 of the CRC fljd .'tuo , 

oy the E M field of P-channel message set to a logical one 

count tCtrrr"''''*''^'''"'''''^'''''**''^^^"^'--"'''''^^^-" 
count field of the message are only valid for the last cell of a packet beinn 

Uansmrtted as defined by the E bl, fie« ofthe message ' 

bltsare!^rd'!°'''''''""'''''"''"^'"^"'^^=^'"9'=°"«9"-«°-.32 
21 T °" "^^'^^^^ - '""'"le ID bitmap 

B«^use Of the importance of the module ID In SOC 10, the module ID and 

:rp:rrrr'^-'^--°-----~r 

valid oIVT/*""' "'"^ ^ Of 1 PS and is 

vaM only tor .he firs, cell of «,e packet defined by the S bit flek. of me 



wo 00/56024 



PCTAJSOO/06942 



23 

The time stamp field of the message has a resolution of 1 ps and is 
valid only for the first cell of the packet defined by the S bit field of the 
message. A cell is defined as the first cell of a received packet when the S 
bit field of the message is set to a logical one value. 
5 As is described in more detail below, the C channel 81 and the P 

channel 82 are synchronously tied together such that data qiti C channel 81 
is transmitted over the CPS channel 80 while a corresponding P channel 
message is simultaneously transmitted. 
S-Channei or Sideband Channel 

10 The S channel 83 is a 32-bit wide channel which provides a separate 

communication path within the SOC 10. The S channel 83 is used for 
management by CPU 52, SOC 10 internal flow control, and SOC 10 inter- 
module messaging. The S channel 83 is a sideband channel of the CPS 
channel 80, and is electrically and physically isolated from the C channel 81 

15 and the P channel 82. It is important to note that since the S channel is 
separate and distinct from the C channel 81 and the P channel 82, operation 
of the S channel 83 can continue without performance degradation related to 
the C channel 81 and P channel 82 operation. Conversely, since the C 
channel is not used for the transmission of system messages, but rather only 

20 data, there is no overhead associated with the C channel 81 and, thus, the C 
channel 81 is able to free-run as needed to handle incoming and outgoing 
packet information. 

The S channel 83 of CPS channel 80 provides a system wide 
communication path for transmitting system messages, for example, providing 

25 the CPU 52 with access to the control structure of the SOC 10. System 
messages include port status information, including port link status, receive 
port full, and port statistics. ARL table synchronization, CPU 52 access to 
GBP 60 and CBP 50 memory buffers and SOC 10 control registers, and 
memory full notification corresponding to GBP 60 and/or CBP 50. 

30 Figure 6 illustrates a message fomriat for an S channel message on S 

channel 83. The message is formed of four 32-bit words; the bits of the fields 
of the words are defined as follows: 
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Opcode - 6 bits long - Identifies the type of message present on the S 
channel; 

Dest Port - 6 bits long - Defines the port number to which the current 
S channel message is addressed; 

Src Port -6 bits long - Defines the port number of which the current S 
channel message originated; 

COS - 3 bits long - Defines the class of service associated with the 
current S channel message; and 

C bit - 1 bit long - Logically defines whether the current S channel 
message is intended for the CPU 52. 

Error Code - 2 bits long - Defines a valid error when the E bit is sef 
DataLen - 7 bits long - Defines the total number of data bytes in the 
Data field; 

E bit - 1 bit long - Logically indicates whether an error has occurred In 
the execution of the current command as defined by opcode- 
Address - 32 bits long - Defines the memory address associaied with 
the current command as defined in opcode; 

Data - 0-127 bits long - Contains the data associated with the current 
opcode. 

With the configuration of CPS channel 80 as explained above the 
decoupling of the S channel from the C channel and the P channel is such 
hat the bandwidth on the C channel can be preserved for cell transfer, and 
that overioading of the C channel does not affect communications on the 
Sideband channel. 
SOC Operation 

^ The configuration of the SOC 1 0 supports fast Ethernet ports, gigabit 
ports, and extendible interconnect links as discussed above The SOC 
configuration can also be stacked as noted previously, thereby enabling 
s.gn.ficant port expansion capability. Once data packets have been received 
by SOC 10. sliced into cells, and placed on CPS channel 80. stacked SOC 

appropriate mfonriatlon as necessary. As will be discussed below a 
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significant amount of concurrent lookups and filtering occurs as the packet 
comes into ingress submodule 14 of an EPIC 20 or GPIC 30, with respect to 
layer two and layer three lookups, and fast filtering. 

Now referring to Figs. 8 and 9, the handling of a data packet is 
5 described. For explanation purposes, Ethernet data to be received will 
consider to arrive at one of the ports 24a of EPIC 20a. It will be presumed 
that the packet is intended to be transmitted to a user on one of ports 24c of 
EPIC 20c. All EPICs 20 (20a. 20b. 20c, etc.) have similar features and 
functions, and each individually operate based on packet flow. 

10 An input data packet 1 1 2 is applied to the port 24a is shown. The data 

packet 112 is, in this example, defined per the current standards for 10/100 
Mbps Ethernet transmission and may have any length or structure as defined 
by that standard. This discussion will assume the length of the data packet 
112 to be 1024 bits or 128 bytes. 

15 It should be noted that each EPIC 20 and each GPIC 30 has an 

ingress submodule 14 and egress submodule 16, which provide port specific 
ingress and egress functions. All incoming packet processing occurs in 
ingress submodule 14, and features such as the fast filtering processor, layer 
two (L2) and layer three (L3) lookups, layer two learning, both self-initiated 

20 and CPU 52 initiated, layer two table management, layer two switching, 
packet slicing, offset application, and channel dispatching occurs in ingress 
submodule 14. After lookups, fast filter processing, and slicing into cells, as 
noted above and as will be discussed below, the packet is placed from 
ingress submodule 14 into dispatch unit 18, and then placed onto CPS 

25 channel 80 and memory management is handled by MMU 70. A number of 
ingress buffers are provided in dispatch unit 18 to ensure proper handling of 
the packets/cells. Once the cells or cellularized packets are placed onto the 
CPS channel 80, the ingress submodule is finished with the packet. The 
ingress is not involved with dynamic memory allocation, or the specific path 

30 the cells will take toward the destination. Egress submodule 16, illustrated in 
Figure 8 as submodule 16a of EPIC 20a, monitors CPS channel 80 and 
continuously looks for cells destined for a port of that particular EPIC 20. 
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When the MMU 70 receives a sianal th=t 

des«„a«o„o,apac.e..„.e.o;~:,:: ''"^^ ' 
cells associated wfth the packet ou It " ' '''''' '° 
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roon,i„.HenPOtctpacKe.sc.ce;:l;:eZTntrr^"''^"' 
CPS Channel 80 is configured to handle ^LTZ c^TST"' 
..a.a.shand,..o.e.^^ 

receive::;;~::r^^"'" 
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identity of the user at the ingress port 24 is determined, the ARULS tables 
21a are updated to reflect the user identification. The ARL/L3 tables 21 of 
each other EPIC 20 and GPIC 30 are updated to reflect the newly acquired 
user identification in a synchronizing step, as will be discussed below. As a 
result, while the ingress of EPIC 20a may determine that a given user is at a 
given port 24a, the egress of EPIC 20b, whose table 21b has-been updated 
with the user's identification at port 24a, can then provide information to the 
user at port 24a without re-learning which port the user was connected, which 
increases the ARL lookup efficiency of SOC 10. 

Table management may also be achieved through the use of CPU 52. 
CPU 52, via the CMIC 40, can provide the SOC 10 with software functions 
that result in the designation of the identification of a user at a given port 24. 
However, as discussed above, it is undesirable for the CPU 52 to continually 
access the packet information in its entirety, as this would lead to 
performance degradation. Rather, the SOC 10 is generally programmed by 
the CPU 52 with identification information concerning the user. Thereafter, 
SOC 10 can maintain real-time data flow, as the table data communication 
between the CPU 52 and the SOC 1 0 occurs exclusively on the S channel 83. 
While the SOC 10 can provide the CPU 52 with direct packet information via 
the C channel 81 , such a system setup is undesirable for the reasons set forth 
above. As stated above, as an ingress function an address resolution lookup 
is performed by examining the ARL table 21a. If the packet is addressed to 
one of the layer three (L3) switches of the SOC 10, then the ingress sub- 
module 14a perfomis the L3 and default table lookup. Once the destination 
port has been detemiined. the EPIC 20a sets a ready flag in the dispatch unit 
18a which then arbitrates for C channel 81. 

If all the I/O modules, including the MMU 70, request C channel 81 
access. MMU 70 is granted access as shown in Fig. 4B since the MMU 
provides a critical data path for all modules on the switch. Upon gaining 
access to the channel 81. the dispatch unit 18a (Figure 9) proceeds in 
passing the received packet 112. one cell at a time, to C channel 81 . 
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Referring again to Figure 3. the individual C. P, and S channels of the 
CPS channel 80 are shown. Once the dispatch unit 18a has been given 
permission to access the CPS channel 80. during the first time period CnO. 
the dispatch unit 18a places the first 16 bytes of the first 6ell 112a of the 
5 received packet 1 1 2 on the C channel 81 . Concurrently, the dispatch unit 1 8a 
places the first P channel message corresponding to the currently4ransmitted 
cell. As stated above, the first P channel message defines, among other 
things, the message type. Therefore, this example is such that the first P 
channel message would define the current cell as being a unicast type 
10 message to be directed to the destination egress port 21c. 

During the second clock cycle Cn1. the second 16 bytes (16:31) of the 
currently transmitted data cell 112a are placed on the C channel 81 
Likewise, during the second clock cycle Cnl . the Bc/Mc Port Bitmap is placed 
on the P channel 82. 

As indicated by the illustration of the S channel 83 data during the time 
periods CnO to Cn3 in Fig. 3, the operation of the S channel 83 is decoupled 
from the operation of the C channel 81 and the P channel 82. For example 
the CPU 52. via the CMIC 40. can pass system level messages to non-active 
modules while an active module passes cells on the C channel 81. As 
previously stated, this is an important aspect of the SOC 10 since the S 

channel operation allowsparallel task processing, permitting the transmission 
of cell data on the C channel 81 in real-time. Once the first cell 1 12a of the 
incoming packet 112 is placed on the CPS channel 80 the MMU 70 
detemiines whether the cell is to be transmitted to an egress port 21 local to 
25 the SOC 10. 

If the MMU 70 detemiines that the cun-ent cell 1 12a on the C channel 

81 is destined for an egress port of the SOC 10. the MMU 70 takes control of 
the cell data flow. 



15 



20 



30 



Figure 10 Illustrates, in more detail, the functional egress aspects of 
MMU 70. MMU 70 includes CBM 71. and interfaces between the GBP 60 
CBP 50 and a plurality of egress managers (EgM) 76 of egress submodule 
18. with one egress manager 76 being provided for each egress port. CBM 
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71 is connected to each egress manager 76. in a parallel configuration, via R 
channel data bus 77. R channel data bus 77 is a 32-bit wide bus used by 
CBM 71 and egress nnanagers 76 in the transmission of memory pointers and 
system messages. Each egress manager 76 is also connected to CPS 
5 channel 80, for the transfer of data cells 1 12a and 1 12b. 

CBM 71, in summary, performs the functions of on-chip FAP (free 
address pool) management, transfer of cells to CBP 50, packet assembly and 
notification to the respective egress managers, rerouting of packets to GBP 
60 via a global buffer manager, as well as handling packet flow from the GBP 

10 60 to CBP 50. Memory clean up. memory budget management, channel 
interface, and cell pointer assignment are also functions of CBM 71. With 
respect to the free address pool, CBM 71 manages the free address pool and 
assigns free cell pointers to incoming cells. The free address pool is also 
written back by CBM 71, such that the released cell pointers from various 

15 egress managers 76 are appropriately cleared. Assuming that there is 
enough space available in CBP 50, and enough free address pointers 
available. CBM 71 maintains at least two cell pointers per egress manager 76 
which is being managed. The first cell of a packet arrives at an egress 
manager 76, and CBM 7 1 writes this cell to the CBM memory allocation at the 

20 address pointed to by the first pointer. In the next cell header field, the second 
pointer is written. The format of the cell as stored in CBP 50 is shown in 
Figure 1 1 ; each line is 18 bytes wide. Line 0 contains appropriate information 
with respect to first cell and last cell information, broadcast/multicast, number 
of egress ports for broadcast or multicast, cell length regarding the number of 

25 valid bytes in the cell, the next cell pointer, total cell count in the packet, and 
time stamp. The remaining lines contain cell data as 64 byte cells. The free 
address pool within MMU 70 stores all free pointers for CBP 50. Each pointer 
in the free address pool points to a 64-byte cell in CBP 50; the actual cell 
stored in the CBP is a total of 72 bytes, with 64 bytes being byte data, and 8 

30 bytes of control information. Functions such as HOL blocking high and low 
watemriarks. out queue budget registers, CPID assignment, and other 
functions are handled in CBM 71. as explained herein. 
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When MMU 70 determines that cell 1 12a is destined for an appropriate 
egress port on SOC 10, MMU 70 cont,ols the ceil flow from CPS channel 80 
to CBP 50. As the data packet 112 is received at MMU 70 from CPS 80 
CBM 71 detem,ines whether or not sufficient memory is available in CBP 50 
or the data packet 112. A free address pool (no. shown) can provide storage 
for at teast two cel, pointers per egress manager 76. per class «,f service „ 
sufficient memory is available in CBP 50 for storage and identification of the 
.ncommg data packet, CBM 71 places the data cell infom,ation on CPS 
channel 80. The data cell infom,ation is pravided by CBM 71 to CBP 50 at 
the assigned address. As newcells are received by MMU70, CBM 71 assigns 
cell pointers. The initial pointer for the fir^t cell 1 12a points to the egress 

112 w,l, be sent after i, is placed in memory, m the example of Figure 8 

EpfctnT '° °' ^'^ '^'"^^ o; 

EPIC 20c. For each additional cell 1 12b, CBM 71 assigns a corresponding 

^.nter. This corresponding cell pointer is stored as a two byte or 16 bit value 

oci;;»rr.K' ^""^P™'" "'^^ °" - -"essage, with the initial 

pointertothecorresponding egress manager 76,andsuccessivecel. pointers 
as part of each cell header, a linked list of memory pointers is fonr^d which 
defines packet 1 12 when the packet is fransmitted via the appropriate egress 
port, m th,s case 24c. Once the packet is fully written into CBP 50 a 
corresponding CBP Packet Identifier (CPID) is provided to the appropriate 
egress manager 76: this CPID points to the memory location of inUial cell 
1 12a. The CPID for the data packet is then used when the data packet 1 12 

'-<='-'«V.«-«CBM71 maintains 

ba ed u^n a number of fectors. An example of admission logic for CBP 50 
W.I1 be discussed below with reference to Figure 12. 

Since CBM 71 controls data flow within SOC 10 the data flow 
a^w^hanyingressportcanlikewlsebecontrolled. WhenpZ. : 
assocated egress manager 76. The total number of data 
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manager 76, the value of the budget register corresponding to the associated 
egress manager 76 is incremented by the number of data celts 1 1 2a, 1 1 2b of 
the new data cells received. The budget register therefore dynamically 
represents the total number of cells designated to be sent by any specific 
5 egress port on an EPIC 20. CBM 71 controls the inflow of additional data 
packets by comparing the budget register to a high watermark register value 
or a low watermark register value, for the same egress. 

When the value of the budget register exceeds the high watermark 
value, the associated ingress port is disabled. Similarly, when data cells of an 

10 egress manager 76 are sent via the egress port, and the corresponding 
budget register decreases to a value below the low watermark value, the 
ingress port is once again enabled. When egress manager 76 initiates the 
transmission of packet 112, egress manager 76 notifies CBM 71 , which then 
decrements the budget register value by the number of data cells which are 

15 transmitted. The specific high watermark values and low watermark values 
can be programmed by the user via CPU 52. This gives the user control over 
the data flow of any port on any EPIC 20 or GPIC 30, and of IPIC 90. 

Egress manager 76 is also capable of controlling data flow. Each 
egress manager 76 is provided with the capability to keep track of packet 

20 identification information in a packet pointer budget register; as a new pointer 
is received by egress manager 76, the associated packet pointer budget 
register is incremented. As egress manager 76 sends out a data packet 112. 
the packet pointer budget register is decremented. When a storage limit 
assigned to the register is reached, corresponding to a full packet 

25 identification pool, a notification message is sent to all ingress ports of the 
SOC 10, Indicating that the destination egress port controlled by that egress 
manager 76 is unavailable. When the packet pointer budget register is 
decremented below the packet pool high watemriark value, a notification 
message is sent that the destination egress port is now available. The 

30 notification messages are sent by CBM 71 on the S channel 83. 

As noted previously, flow control may be provided by CBM 71 , and also 
by ingress submodule 14 of either an EPIC 20, GPIC 30, or by IPIC 90. 
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Ingress submodule 14 monitors cell transmission into port 24. When a data 
packet 112 is received at a port 24. the ingress submodule 14 increments a 
received budget register by the cell count of the incoming data packet. When 
a data packet 112 is sent, the corresponding ingress 14 decrements the 
received budget register by the cell count of the outgoing data packet 1 12 
The budget register 72 is decremented by Ingress 14 in response to a 
decrement cell count message initiated by CBM 71 . when a data packet 1 12 
IS successfully transmitted from CBP 50. 

Efficient handling of the CBP 50 and GBP 60 Is necessary in order to 

maximize throughput, to prevent portstarvation.andtopreventportunderrun 
For every ingress, there is a lov. watem^ark and a high watemiark; if cell count 
IS below the low watermark, the packet is admitted to the CBP thereby 
preventing port starvation by giving the port an appropriate share of CBP 
space. 

Figure 12 generally illustrates the handling of a data packet 1 12 when 
rt IS received at an appropriate ingress port. This figure illustrates dynamic 
memoor allocation on a single pon, and is applicable for each ingress port of 
SOC 1 0. In step 12-1 , the incoming packet length is estimated by estimating 
the cell count based upon the egress manager count pl.s the incoming cell 
count. After this cell count is estimated, the GBP 60 cunent cell count is 
decked at step 12-2 to detem,ine whether or not GBP 60 is empty. If the 
GBP cell count is 0. thus indicating that GBP 60 is empty, then the method 
proceeds to step 12-3, where it is detem,ined whether or not the estimated 
cell count from step 12-1 is less than the admission low watemtark of CBP 50 
The admission low watemiark value enables the reception of new packets 
1 12 into CBP 50 if the total number of cells in the associated egress is below 
he admission low watem,ark value. If the cell count is less than the admission 
lowwatermark of CBP SO. then the packet is admitted into CBP 50 at step 12 

rRr,^.r'"''°'°^"~""'''"°''*"*"''™'=='°"'°""««™«*.«hen 
CBM 71 then must arbitrate for CBP memo^- allocation with other Ingress 
ports of other EPICs and GPICs in step 12-4. If the arbitration process is 
unsuccessful, then the incoming packet is sent to a reroute pmcess leferred 
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«nespeed comn,unica«on. '° 
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Mac Address - 48 bits long - Mac Address; 

VLAN tag - 12 bits long - VLAN Tag Identifier as described in IEEE 
802. 1q standard for tagged packets. For an untagged Packet, this 
value is picked up from Port Based VLAN Table. 
CosDst - 3 bits long - Class of Service based on the Destination 
Address. COS identifies the priority of this packet. 8 levels of priorities 
as described In IEEE 802. 1p standard. 

Port Number - 6 bits long - Port Number Is the port on which this Mac 
address is learned. 

SD_Disc Bits - 2 bits long - These bits identifies whether the packet 
should be discarded based on Source Address or Destination Address. 
Value 1 means discard on source. Value 2 means discard on 
destination. 

C bit - 1 bit long - C Bit identifies that the packet should be given to 
CPU Port. 

St Bit - 1 bit long - St Bit identifies that this is a static entry (it is not 
learned Dynamically) and that means is should not be aged out. Only 
CPU 52 can delete this entry. 

Ht Bit - 1 bit long - Hit Bit-Thls bit Is set if there Is match with the 
Source Address. It is used In the aging Mechanism. 
CosSrc - 3 bits long - Class of Service based on the Source Address. 
COS identifies the priority of this packet. 

L3 Bit - 1 bit long - L3 Bit - identifies that this entry is created as result 
of L3 Interface Configuration. The Mac address in this entry is L3 
interface Mac Address and that any Packet addresses to this Mac 
Address need to be routed. 

T Bit - 1 bit long - T Bit identifies that this Mac address Is learned from 
one of the Trunk Ports. If there Is a match on Destination address then 
output port is not decided on the Port Number in this entiy, but is 
decided by the Trunk Identification Process based on the rules 
identified by the RTAG bits and the Trunk group Identified by the 
TGID. 
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TGID - 3 bits long - TGID identifies the Trunk Group if the T Bit is set. 
SOC 10 supports 6 Trunk Groups per switch. 

RTAG - 3 bits long - RTAG identifies the Trunk selection criterion if the 
destination address matches this entry and the T bit" is set in that entry. 
Value 1 - based on Source Mac Address. Value 2 - based on 
Destination Mac Address. Value 3 - based on Source, & destination 
Address. Value 4 - based on Source IP Address. Value 5 - based on 
Destination IP Address. Value 6 - based on Source and Destination 
IP Address. 

S C P - 1 bit long - Source CoS Priority Bit - If this bit is set (in the 
matched Source Mac Entry) then Source CoS has priority over 
Destination Cos. 

Module ID - 5 bits long - Module ID identifies the module on which this 
MAC address is learned. 

SOC 10 also includes a multicast table, for appropriate handling of 
multicast packets. One configuration of the multicast table would be 256 bits 
deep and 128 bits wide. The search fields of the multicast table could be, in 
one embodiment, as follows: 

Mac Address - 48 bits long - Mac Address. 

VLAN Tag - 12 bits long - VLAN Tag Identifier as described in IEEE 
802. 1q standard. 

CosDst - 3 bits long - Class of Service based on the Destination 
Address. COS identifies the priority of this packet. We support 8 
levels of priorities as described in IEEE 802. 1 p standard. 
Mc Port Bitmap - 31 bits long - Port Bitmap Identifies all the egress 
ports on which the packet should go. 

Untagged Bitmap - 31 bits long - This bitmap identifies the Untagged 
Members of the VLAN. i.e. if the frame destined out of these member 
ports should be transmitted without Tag Header. 
Module Id Bitmap - 32 bits long - Module Id Bitmap identifies all the 
Modules that the packets should go to. 
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It should also be noted that VI_AN tables 23 include a number of table 
formats; all of the tables and table formats will not be discussed here. 
However, as an example, the port based VLAN table fields are described as 
follows: 

Port VLAN Id - 12 bits long - Port VLAN Identifier is the VLAN Id used 
by Port Based VLAN. 

Sp State - 2 bits long - This field identifies the current Spanning Tree 
State. Value 0x00 - Port is in Disable State. No packets are accepted 
In this state, not even BPDUs. Value 0x01 - Port is in Blocking or 
Listening State. In this state no packets are accepted by the port, 
except BPDUs. Value 0x02 - Port is in Learning State. In this state 
the packets are not forwarded to another Port but are accepted for 
learning. Value 0x03 - Port is in Forwarding State. In this state the 
packets are accepted both for learning and forwarding. 
Port Discard Bits - 6 bits long - There are 6 bits in this field and each 
bit identifies the criterion to discard the packets coming in this port. 
Note: Bits 0 to 3 are not used. Bit 4 - If this bit is set then all the 
frames coming on this port will be discarded. Bit 5 - If this bit is set 
then any 802. 1q Priority Tagged (vid = 0) and Untagged frame coming 
on this port will be discarded. 

J Bit - 1 bit long - J Bit means Jumbo bit. If this bit is set then this port 
should accept Jumbo Frames. 

RTAG - 3 bits long - RTAG identifies the Trunk selection criterion if the 
destination address matches this entry and the T bit is set in that 
entry. Value 1 - based on Source Mac Address. Value 2 - based on 
Destination Mac Address. Value 3 - based on Source & destination 
Address. Value 4 - based on Source IP Address, Value 5 - based on 
Destination IP Address. Value 6 - based on Source and Destination 
IP Address. 

T Bit - 1 bit long - This bit identifies that the Port is a member of the 
Trunk Group. 
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C Learn Bit - 1 bit long - Cpu Learn Bit - ,f this bit is set then the 
packet is send to the CPU whenever the source Address is learned 
PT - 2 bits long - Port Type identifies the port Type. Value 0 -10 Mbit 
Port. Value 1-100 Mbit Port. Value 2-1Gbit Port. Value 3-CPU Port 
VLAN Port Bitmap - 28 bits long - VLAN Port Bitmap .dent^es all the 
egress ports on which the packet should go out 
B Bit - 1 bit long - B bit is BPDU bit. If this bit is set then the Port 
rejects BPDUs. This Bit is set for Trunk Ports which are not supposed 
to accept BPDUs. hh^ocu 

.rL'AT " """^ " ^'""^ ^"^"o ""^'c- 

this port belongs to. 

Unuigged Bi*nap - 28 bHs teng - This b«map identlfes .he Untegged 

ports should be transmitted without Tag Header 

M Bits - 1 bit long - M Bit is used for Mirroring Fur,ctionali.y. ,„his bit 

IS set then mirroring on Ingress is enabled. 

SOC 10 may also include a plurality of 802.1Q tagged VLAN fables 

VLAN Port Bl*nap - 28 bits long - VUN port bitmap identifies all of 
the egress ports on which the packet should be sent 
On^gged Bitmap - 28 btts long - This bitmap identifies the untagged 
members of the VLAN. Therefore, this bitmap ident^es if the f^me 
fl^m mese member ports should be transmitted with or without a tag 

Figure ^rThe ARL "'''""^ ^"^ -'^-'ng to 

arorgo^H^Z^^^^^^^^^ 

based u^n tagged v^Ce^^^^^^^^ 

sseo VLAN table 231 , which is part of VIAN table 23. If the 
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packet does not contain this tag, then the ARL engine performs VLAN lookup 
based upon the port based VLAN table 232. Once the VLAN is identified for 
the inconning packet, ARL engine 143 performs an ARL table search based 
upon the source MAC address and the destination MAC address. If the results 
5 of the destination search is an L3 interface MAC address, then an L3 search 
is perfomied of an L3 table within ARL/L3 table 21. If the L3 search is 
successful, then the packet is modified according to packet routing rules. 

To better understand lookups, learning, and switching, it may be 
advisable to once again discuss the handling of packet 1 12 with respect to 

10 Figure 8. If data packet 1 12 is sent from a source station A into port 24a of 
EPIC 20a, and destined for a destination station B on port 24c of EPIC 20c, 
ingress submodule 14a slices data packet 1 12 into cells 1 12a and 1 12b. The 
ingress submodule then reads the packet to determine the source MAC 
address and the destination MAC address. As discussed previously, ingress 

15 submodule 14a, in particular ARL engine 143, perfonns the lookup of 
appropriate tables within ARL/L3 tables 21a, and VLAN table 23a, to see if 
the destination MAC address exists in ARL/L3 tables 21a; if the address is not 
found, but if the VLAN IDs are the same for the source and destination, then 
ingress submodule 14a will set the packet to be sent to all ports on the VLAN. 

20 The packet will then propagate to the appropriate destination address. A 
"source search" and a "destination search" occurs In parallel. When the 
source address is not found on a source lookup, a source lookup failure (SLF) 
occurs. Upon the occurrence of an SLF, the source MAC address of the 
incoming packet is "learned", and therefore added to an ARL table within 

25 ARL/L3 tables 21a. After the packet is received by the destination, an 
acknowledgment is sent by destination station B to source station A. Since 
the source MAC address of the incoming packet is learned by the appropriate 
table of B, the acknowledgment is appropriately sent to the port on which A 
is located. The destination address for the acknowledgment packet or. 

30 packets is known since it was previously the source address which was 
learned as a result of the initial SLF. When the acknowledgment is received 
at port 24a, therefore, the ARL table learns the source MAC address of B 
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from the acknowledgment packet. It should be noted that as long as the 
VLAN IDs (for tagged packets) of source MAC addresses and destination 
MAC addresses are the same, layer two switching as discussed above is 
performed. L2 switching and lookup is therefore based oh the first 16 bytes 

5 of an incoming packet. For untagged packets, the port number field in the 
packet is indexed to the port-based VLAN table within VLAN tgble 23a, and 
the VLAN ID can then be determined. If the VLAN IDs are different, however, 
L3 switching is necessary wherein the packets are sent to a different VLAN. 
L3 switching, however, is based on the IP header field of the packet. The IP 

0 header includes source IP address, destination IP address, and TTL (time-to- 
live). 

If data packet 112 were sent from a source station A into port 24a of 
EPIC 20a, and was destined for IPIC 90, the same learning process upon 
occurrence of an SLF, and the same sending of the packet to all ports upon 

5 the occurrence of a DLF, would occur. IPIC 90 is treated essentially as any 
other port on SOC 1 0, with notable exceptions regarding the existence of NBP 
92, as discussed above and as will be discussed below. 

In order to more clearly understand layer three switching on SOC 10, 
data packet 1 12 is sent from source station A onto port 24a of EPIC 20a, and 

0 is directed to destination station B; assume, however, that station B is 
disposed on a different VLAN, as evidenced by the source MAC address and 
the destination MAC address having differing VLAN IDs. The lookup for B 
would be unsuccessful since B is located on a different VLAN, and merely 
sending the packet to all ports on the same VLAN would result in B never 

5 receiving the packet. Layer three switching, therefore, enables the bridging 
of VLAN boundaries, but requires reading of more packet information than 
just the MAC addresses of L2 switching. In addition to reading the source and 
destination MAC addresses, therefore, ingress 14a also reads the IP address 
of the source and destination. As noted previously, packet types are defined 

0 by IEEE and other standards, and are known in the art. By reading the IP 
address of the destination, SOC 10 is able to target the packet to an 
appropriate router interface which is consistent with the destination IP 



BNSDC3CID: <WO_00660a4Aa.l_> 



wo 00/56024 



PCT/USOO/06942 



41 

address. Packet 1 1 2 is therefore sent on to CPS channel 80 through dispatch 
unit 18a, destined for a port connected to an appropriate router interface (not 
shown, and not part of SOC 10), upon which destination B is located. Control 
frames, identified as such by their destination address, are sent to CPU 52 via 
5 CMIC 40. The destination MAC address, therefore, is the router MAC address 
for B. The router MAC address is learned through the assistairice of CPU 52, 
which uses an ARP (address resolution protocol) request to request the 
destination MAC address for the router for B, based upon the IP address of 
B. Through the use of the IP address, therefore, SOC 10 can learn the MAC 

10 address. Through the acknowledgnrient and learning process, however, it is 
only the first packet that is subject to this "slow" handling because of the 
involvement of CPU 52. After the appropriate MAC addresses are learned, 
linespeed switching can occur through the use of concurrent table lookups 
since the necessary information will be learned by the tables. Implementing 

1 5 the tables in silicon as two-dimensional arrays enables such rapid concurrent 
lookups. Once the MAC address for B has been learned, therefore, when 
packets come in with the IP address for B, ingress 14a changes the IP 
address to the destination MAC address, in order to enable linespeed 
switching. Also, the source address of the incoming packet is changed to the 

20 router MAC address for A rather than the IP address for A, so that the 
acknowledgment from B to A can be handled in a fast manner without 
needing to utilize a CPU on the destination end in order to identify the source 
MAC address to be the destination for the acknowledgment. Additionally, a 
TTL (time-to-live) field in the packet is appropriately manipulated in 

25 accordance with the IETF (Internet Engineering Task Force) standard. A 
unique aspect of SOC 10 is that all of the switching, packet processing, and 
table lookups are performed in hardware, rather than requiring CPU 52 or 
another CPU to spend time processing instructions. It should be noted that 
the layer three tables for EPIC 20 can have varying sizes; in a preferred 

30 embodiment, these tables are capable of holding up to 2000 addresses, and 
are subject to purging and deletion of aged addresses, as explained herein. 
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As mentioned previously, when a data packet 112 enters SOC 10 
through a port 24 and is sent to ingress submodule 14, an address lookup is 
performed on ARL/L3 table 21 to determine if that address has already been 
learned. The lookup is logically performed on an appropriate table 21 by a 
search engine 210, as shown in Figure 38. Lookups are typically enabled by 
the fact that the tables are stored in sorted order, and addresses are 
searched utilizing a binary or lockstep-type search method. 

The present invention includes a method and structure for accelerating 
searches within an address table 21 , such as a layer 2 table. Referring to 
Figure 39, a more detailed view of an accelerated lookup configuration Is 
disclosed with respect to address table 21 and search engine 210. In one 
example, address table 21 might be a single 8K sorted table that is searched 
by a single search engine 210. In the accelerated example shown in Figure 
38, this single address table 21 is split into two half-sized tables 21 1 and 212, 
with each half-sized table having 4K entries. The table can be split by having 
address table 211 contain all of the even addressed entries from original 
address table 21, and table 212 containing all of the odd addressed entries 
from original address table 21 . By splitting the original address table 21 Into 
two separate tables based upon the last bit of the table address, each of 
tables 21 1 and 212 remain in sorted order, and contain entries from the entire 
address range of the original table 21. Search engine 210 can then be 
divided Into two separate search engines, first search engine 21 3 and second 
search engine 214, as shown In Figure 38, which are configured to perform 
simultaneous address lookups for two data packets. In SOC 1 0, since each 
EPIC module 20 and/or GPIC module 30 has a plurality of ports, packets are 
queued for lookup. Concun-ent and/or simultaneous lookups are possible, as 
the search algorithm which Is Implemented in SOC 10 does not differentiate 
between even and odd addressed entries until the very last search cycle. 
This optimization, therefore, enables a significant amount of the searching for 
two separate packet addresses to be performed simultaneously, in parallel, 
thereby neariy doubling throughput, even though the actual time required to 
complete each individual lookup does not change. 
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Therefore, when two packets con^e Wo an EPIC module 20 for 
address lookup, source and destination address lookups are interieaved 
thereby time multiplexing the resources of SOC 10 for maximum efficiency' 
The utifeation of two search engines 2 1 3 and 214 enables the search engines 
to operate in a simultaneous manner as they search tables 211 and 212 
utilizing different search keys. Only the last comparison in the binary search 
wil^lfferentiate between even and odd addresses. Therefore, firan 8K deep 
addi^ss table 21 that is divided into two 4K deep tables, 211 and 212 the first 
twelve search cycles for the incoming packet addresses are done in parallel 
wh,le the 1 3th and final search cycle, which is conducted only if the ,espec«ve 
search engine has not yet found a match for a desired address in the address 
•able, requires an access to the other address table to locate the desired 
address. Referring to Figure 40a, an original un-divided table is shown as 21 
Rgure 40b illustrates how. In this embodiment of the invention, table 21 Is 
d.v,dedintotwo,ables211 and212. wherein table211 contains even address 
loca,,ons and table 212 contains odd address loca«ons, both remaining in 
sorted order. 

'^^^«'«»«'<«'"Pteoftheoperationofthisembodiment,assumeafirst 
data packet and a second data packet come into a single GPIC 20 on SOC 
10. and are submitted for address lookups. Assume that the first packet 
comes from MAC address D, and is destined for a MAC address AE The 
second packet is coming from MAC address 2 and is destined for MAC 
address AH. In a switch requiring a four clock cycle overhead, the address 
lookups begin essentially simultaneously at clock cycle4, with the first packet 
be,ng handled by firs, search engine 213, and the second packet being 
handled by second search engine 214. First search engine 213 initially 
searches the even address memory tecations in table 211, while second 
search engine 214 searches the odd address memory locations in table 212 

asrllustrated by Figure40b.Thetablesbeing appropriately soried,thesearch 
engines a^ configured to initiate binary searches which proceed in a lockstep 
or Pai^lte. manner beginning a, the middle entry of the respective tables 
Therefore, first search engine 213 initiates searching of table 211 at memory 
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address location 16. and compares the source address D of the first data 
packet as the source search key with entry Q. which is stored at memo.^ 
address location 16. as shown in Figure 40b. The result of this corr^parison 
.s the determination that the first search engine 213 should continue 
searching for the desired address at lower memory address locations as 
address entry Q is numerically greater than the desired address Q, indicating 
that the desired address, if in the table, must be stored at a lower memory 
address location. As discussed previously, both a source address and a 
destination address lookup for each data packet must be performed 
Therefore, at clock cycle 5. first search engine 213 compares the destination 
address AE of the first data packet as the search key with the entry Q stored 

.0 middle memory address locationie.anddetermlnes that the search Should 
continue at higher memory address locations, as entry Q is numerically in 
hexadecimal, lower than the desired address AE. This Indicates that ihe 

desired destination address, if in the table, mustbe stored atahighermemory 
address location. At clock cycle 6. first search engine 213 looks in memory 
address location 8. comparing the search key D with entry I, and detemilnes 

hat the search should continue at lower memory address locations, in similar 
fashion to that which is discussed above. At clock cycle 7. first search engine 
213 looks in memory address location 24. comparing destination search key 
AE with entry Y, and determines that the search should continue at higher 
memory address locations. At clock cycle 8. first search engine 213 looks in 
memory address location 4. comparing source search key D with the entry E 
stored at that location. As a result of the comparison, it is detemiined that the 
search should continue at lower memory address locations. At clock cycle 9 
first search engine 213 looks In memory address location 28. comparing the 
destination search key AE with address entry AC. and determines that the 
search should continue at higher memory address locations. At clock cycle 
10. first search engine 213 looks in memory address location 2 and compares 
source search key D with entry C. and determines that the search should 
continue in the odd address table 212 at memory address location 3 This 
detemiinatlon is a result of the first search engine 213 detemilning that the 
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desired address D has not been found in either memory address locations 2 
or 4. which are sequential entries that numerically surround the desired 
address. Therefore, in view of this situation, it is known that the desired 
address does not reside in the first table 211, and thus, the first search engine 
5 213 must attempt to look in the second address table 2 1 2 at memory address 
location 3, as this memory address location is interstitially positioned between 
the previously searched memory address locations 2 and 4. At clock cycle 
11. first search engine 213 looks in memory address location 30. the final 
memory address location in the even address table 211, comparing 

10 destination search key AE with entry AE. and determines that the result is a 
hit at clock 12. Inasmuch as a hit was determined, first search engine 213 
does not continue to search for AE in the odd address table 212, as the 
destination address lookup for the first packet is complete. However, the 
source address is still not found, and therefore, at clock cycle 12, first search 

15 engine 213 looks in the odd address table 212 at memory address location 

3. comparing source search key D with entry D, and determines that the result 
is a hit at clock cycle 13, Thus, the address lookup for the first packet is 
complete, as both the source and desfination addresses have been found 
within the respective address lookup tables. 

20 While search engine 213 is conducting the aforementioned lookups 

associated with the source and destination addresses of the first data packet, 
second search engine 214 is simultaneously performing the lookups for the 
source and destination addresses of the second data packet. At clock cycle 

4. simultaneously with first search engine 213*s comparison of even memory 
25 address location 16, second search engine 214 looks in odd memory address 

location 17, which represents the middle of the odd address table 212. 
Second search engine 214 compares source search key Z with the address 
entry R, and determines that the search should continue at higher memory 

0 

address locations, as R is numerically less than the desired address. At clock 
30 cycle 5, second search engine 214 looks in memory address 17, comparing 
destination address search key AH with entry R. and determines that the 
search should continue at higher memory address locations, as the desired 
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address is numerically less than the entry stored at memory address location 
17. At clock cycle 6. second search engine 214 looks in memory address 
location 25. comparing the source search key 2 with entry Z. and determines 
that the result is a hit at clock 7. The source address lookup for the second 
data packet is therefore complete. At clock cycle 7. second search engine 
214 continues looking for the destination address by looking in memory 
address location 25, and comparing the destination search key AH with entry 
Z. Th.s comparison detemriines that the search should continue at higher 
memory address locations. At clock cycle 9. second search engine 214 
evaluates the contents of memory address location 29. comparing destination 
search key AH with entry AD. and detemiines thatthe search should continue 
at higher memory address locations. Atclockcycle 11. second search engine 
214 looks in memory address location 31. compares the destination search 
key AH with entry AF. and determines that the result is a miss at clock 12 
The destination address lookup forthe second packet is therefore complete 
The destination address lookup for the second packet does not require a final 
read from the even addressed table 213; search engine 214 detemiines a 
m,ss When the results of the final search does not provide a pointer to table 
211 from table 212. 

As a second example, assume that a first data packet comes into a 
port on EPIC 20 on SOC 10 from MAC address A that is destined for a MAC 
address J J, while a second data packet concurrently comes into another port 
on EPIC 20 Of SOC 10 from MAC address G and is destined for MAC address 
CC. In a switch again requiring a four clock cycle overhead, the address 
lookups begin at clock cycle 4. with the first packet being handled by first 
search engine 213. and the second packet being handled by second search 
engine 214. First search engine 213 initially searches the even address 
ocation table 21 1 . and second search engine 214 searches the odd address 
location table 212. V^th the tables 211 and 212 being appropriately divided 
and sorted from the primary address table, as shown in Figures41a and 41b 
the search engines are again configured to initiate a binary or lockstep-type 
search operation at the middle address location of the respective tables 
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Therefore, a. clock cycle 4, Hrst search er,gine 213 compares the source 

address search keyAWthentryVstoredatmemoryaddresslocation 16 ar,d 
de.ermir,es that the search should continue a, lower memory address 
locations, as the hexadecimal numerical value of the desired address is 
greater than the entry. At ctocK cycle 5 first search engine 213 compares 
desfnafon address search key JJ with entry Y, and defermines that the 
search should continue at higher memo^ address locations, as the 
hexadecimal numerical value of the desired address is less than the entry 
A. clock cycle 6, flr.t search engine 213 compares the source addmss search 
key to entry M stored at memory address location 8, and detem,ines that the 
search should continue at lower memory address locations: At clock cycle 9 
fi^t search engine 213 compares the destination add^s search key to entry 
KK s ored at memory address location 28. and detem,ines that the search 
Should continue a, lower men«ry address locations. At clock cycle 10 first 

searchengine213compa,estt,esourceaddress search keytoentryDstored 
at memory address locaUon 2. and dafem,ines that the search should 
contrnue at lower memory address locations. At clock cycle 1 1 . first search 
engine 213 compares the destination address search key to entry GH stored 
at memory address location 26, and detem^ines that the search should 
continue in the odd address table 212 at memory address location 27 This 
detennination is based upon the fact that search engine 213 has compared 

theentnes in adjoining memory address locations 26and28tothedestinatk>n 
search key, and has detemnined that the desired address, if in the table 
would be stored in a memory address location between these two memory 
address locations. As such, the only remaining memory address locaBon 
available to search In the lockstep-type operation Is memory address location 
27 in the odd address table 212. At dock cycle 12. fi^t search engine 213 
compares ,l,e source address search key to entry B stored at memory 
lo«f on 0. and detemiines that the search has revealed a miss. Inasmuch as 
enhy B is the lowest numerical address in the tables, a miss is detem,ined 
and thereafter a,e source MAC address A must be learned and inputted into 
the table at the appropriate location to maintain the sorted order of the table 
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Which will be disoossed he,«in. At clock cycle 13, firs, search engine 213 
:„:pares*edestina,ionaddresssearc.Kev.a.oen..0.s.^^^^^^^^ 
address locaSon 27 otthe odd address,ab.e 212, and de.en.,nes .hat a h,t 

has ^^^^ completion of the aforementioned steps, the source 

address of the first data packet has not been located, and thus myst be 
learned and stored in the address tables. However, the destination address 
of the first data packet was found a. memory k«a«on 27 in the odd address 
table 212. and therefore, a hit was declared for this address. As such, tl^a 
11 operation for the source and destination addresses for the firs da^ 
packet has been completed. However, as with the previous exannp e. the 
Lurce and destinaUon addresses of the second data packet must also be 
searched within the address tables. 

Therefore, simultaneously wHh the aforementioned steps assoca ed 
,^h the first search engine 213 searching the even 
second search engine 214 undertakes a search of the odd -•'"'^^^^ 
forthe source and des«na«on addresses of the second datapacket. Second 
search engine 214 begins at clc«k cycle 4 by comparing the ^"^^^ 
search key G wKh the address entry AA stored at memory address «a.on 
17 in odd address table 212. This comparison yieWs the detem„nat»n mat 
«,e search should continue a. lower memory address locations, as entry G >s 
numerically less than address entiy AA. At clock cycle 5 second search 
engine 2ll compares the destination address search key CC with the en^ 
AA stored at memory address location 17. This companson yrelds *e 
detemiinaaon that the search should continue at higher 
locattons. At clock cycle 6 second search engine 214 compares the sour« 
address search key G to the entry N stored at memory address locatron 9. 
second searchengine214detem,.nesthatent,yNisnumericallygreaterthan 

the desired address, and therefore the search to be continued at lower 
memory address locations. At dock cycle 7 second search engine 214 
compares the destination address search key CC to entry CF stored m 
memory address location 25 and detem,ines that the search should contnue 
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search key G. At clock cycle 14 a hit Is determined for the source address, 
and second search engine 214 continues to search for the dest.nat.on 
address of the second data packet by comparing the — ^^^^ 
search key CC with the entry CC stored in the even address tab e 211 
Zory address location 24. At Cock cycle 15 a hit Is determined for the 

destination address. w<.„«r.ation 
upon complet,on of clock cycle 15, both the source and destination 

address lookup for the first and second data packets is conaplete. The source 
address of theflrst data packet was notfound Within the tables.and therefore 

had to be .earned and appropriately inserted into the tables. The 'en,a.n,ng 
addresses, including the destination address o, the first data P-^^'-^ *; 
source and des«na.lon addresses of the second data packet, were found 

within the address tables. ,^ ,hr,^^ a 

in instances where an address must be learned, as noted above, a 
specific operational procedure is followed. As an example, the pnmary 
address tie. as shown in Figure 42, is again split into the first an ^oond 
address tables 211 and 212, as shown in Figure 42a. '^-- ^^^'T 
F needs to be learned as a result of a search operation not finding that 
address w«hin flie tables. Inasmuch as the address entries stored wrthin the 
, tables are in sorted order, address F would logically belong in memory 
address locafion 4. if the sorted order Is to be maintained upon mserfion. 
However, memory address location 4 is currently occupied wrth entry G. 
Therefore, in order to make room for address F to be learned and properly 
. stored at memoiv address location 4. each of the entries in memory address 
,5 locafions 4 through 26 need to be moved or shitted upward to the ad,acen, 
memory address locations, thereby opening memory address location 4. To 
accomplish the shift of these addresses entries, a learning state machine 
reads address entry GH from memory address location 26 and address entey 
CF from memory address location 25 on a single clock cycle. Address ertry 
30 GH is then written to memoiy address location 27, while address entry CF is 
written to memory address locafion 26, again on the same clock cycle. T^is 
simultaneous readA-mte pair-type operation continues downward through the 
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at lower memory address locations. At clock cycle 8 second search engine 
214 compares the origin address search key G to entry J stored in memory 
address location 5, and determines that the search should continue at lower 
memory address locations. At clock cycle 9 search engine 214 compares the 
5 destination search address search key to the entry BC stored at memory 
address location 21 and determines that the search should ccnitinue at higher 
memory address locations. At clock cycle 10 search engine 214 compares 
the source address search key G to the entry E stored at memory address 
location 3 and detemiines that the desired address is numerically greater than 

10 entry E. Thus, Inasmuch as the desired address has been previously 
determined to be greater than the entry at odd memory address location 3 
during clock cycle 10 and less than the entry at odd memory address location 
5 in clock cycle 8, second search engine 214 detemiines that the next 
comparison will be in the even address table 21 1 at memory address location 

15 4. At clock cycle 11 second search engine 214 compares the destination 
address search key CC to the entry BE and determines that the search should 
continue at higher memory address locations. However, second search 
engine 214 has already searched the adjoining higher memory address 
location, which was memory address location 25, in clock cycle 7. Therefore, 

20 second search engine 214 detemriines that the next comparison for the 
destination address will be in the even address table 21 1 at memory address 
location 24. At clock cycle 12 second search engine 214 attempts to search 
the even address table 211 for the source address search key G; however, 
as discussed above, first search engine 21 3 is executing a lookup for source 

25 address key A at memory address location 0 in the even address table 21 1 
during this particular clock cycle, and as such, second search engine 214 
stalls during this clock cycle and is unable to execute the comparison. At 
clock cycle 13 first search engine 213 has completed its lookup in the even 
address table 21 1 , and second search engine 214 is then allowed to continue 

30 with the previously stalled address lookup in the even address table 211. 
Therefore, at clock cycle 13 second search engine 214 compares entry G 
stored in even address table memory location 4 with the source address 
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memory address locations within the tables until entries K and J are read from 
memory address locations 6 and 5. and are respectively written Into memon^ 
address locations 7 and 6. At this time entry G is read from memory address 
location 4 and written Into memory address location 5 vacated by address J 
in the previous shift. This results in the desired vacancy in memory address 
location 4. thus providing space for the learned memory adtjress F to be 
written into memory address location 4. As a result of this particular table 

configuration, the learning rate nearly doubles thatofthesingle table scheme 
In the situation where a single data packet arrives from an ingress and 
requires address resolution, and there are no other queued data packets 
awaiting address lookup, then the search engine handles the address lookup 
for the data packet singly. If immediately after the lookup for the single data 
packet is started, a flood of data packets arrives from the other ingresses 
then in the worst case, the newly arrived data packets must wait for 30 clock 
cycles while the source and destination addresses of the single data packet 
are looked up in the tables before the search engines can begin lookup for the 
newly arrived data packets. If any of the newly arrived data packets are from 
the gigabit ports, then any arbitration scheme must be configured to assign 
higher priority to those data packets, as their address lookups must all be 
completed within 90 clock cycles after the single data packet's address 
lookups are completed. 

The present invention provides a clear advantage over single address 
table lookup schemes, as the great majority of the concurrent searches are 
conducted in parallel. Therefore, in the case where both searches require 
only log, (toWe^i^e) comparisons, perfomiance doubles, irrespective of 
address insertions and deletions, as these operations are of a lower priority 
and have no affect on perfomiance. As a specific example, perfomiance for 
the parallel operation is calculated by multiplying the number of cycles per 
search by the number of clock cycles per search cycle, and then adding the 
clock overhead. This calculation is represented by the following equation: 
Performance=(#cycles parallel) (2clocks/search cycle) + overtiead (1) 
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Therefore, the performance for an 8k table using the present invention is 
represented by the following: 

^8* = C 3) (2)+4 = 30 clock cycles for 2 packets or 

15 clock cycles for a single data packet (2) 

Performance for a 16k table using the present invention is represented by the 
follov\/ing: 

^6* = (14) (2)+4 = 32 clock cycles for 2 packets or 

16 clock cycles for a single packet (3) 

If only a single data packet requires an address lookup, the following 
represents the search time to accomplish the lookup with the present 
Invention: 

■Pg* = (13) (2)+4 = 30 clock cycles per packet (4) 
P\6k = (''4) (2)+4 = 32 clock cycles per packet (5) 

Therefore, the present invention provides a substantial increase in the 
performance of the address lookup time over a single table ARL, while not 
requiring the use of any additional memory. Furthermore, the lookup and 
learning latency of the present invention is cut nearly in half over single table 
ARL's, as the majority of the reads and writes associated therewith can be 
accomplished in parallel, thereby reducing the number of clock cycles 
necessary to complete the shifting of memory addresses and the insertion of 
a learned address. Additionally, as the table size is increased from 8k to 16k, 
the performance decreases by only two clock cycles in the worst case. 

Furthemnore, the embodiments of the present invention discussed 
above can be physically implemented in a number of ways. For example, the 
address tables and search engines of the present invention can be 
implemented in hardware, such as on a single semiconductor substrate in 
conjunction with the various components of SOC 10. Alternatively, the 
address tables and search engines could be implemented as separate 
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discrete hardware components that are in electrical connection with the 
components of SOC 10. Further, the tables and search engines associated 
with SOC 10 can be implemented and searched through software, both 
exclusively or partially. Additionally, although the present apparatus and 
5 method is disclosed in conjunction with address resolution in a network 
switch, the apparatus and method of searching a sorted table, recited herein 
is contemplated to apply to various alternative applications. Therefore, the 
recitation of the implementation of the apparatus and method in conjunction 
with address resolution is not intended In any way to limit the scope of the 
10 present invention, as the present invention could effectively be utilized in any 
sorted table searches. 
Filtering: 

Referring again to the discussion of Figure 14, as soon as the first 64 
(sixty four) bytes of the packet arrive in input FIFO 142, a filtering request is 

15 sent to FFP 141. FFP 141 includes an extensive filtering mechanism which 
enables SOC 10 to set packet filters on any field of a packet from layer 2 to 
layer 7 of the OS! seven layer model. Filters are used for packet classification 
based upon various protocol fields within the packets themselves. Various 
actions are taken based upon the packet classification, including packet 

20 discard, sending of the packet to the CPU, sending of the packet to other 
ports, sending the packet on certain COS priority queues, and changing the 
type of service (TOS) precedence, for example. Filters are also commonly 
used for implementing security features, as they can be configured to allow 
a packet to proceed only if there is a filter match. If there is no match, then 

25 the actions associated with exclusive filters can be taken. A further 
discussion of filters, both inclusive and exclusive, will be presented later. 

It should be noted that SOC 10 has the capability to handle both 
tagged and untagged packets coming into the switch. Tagged packets are 
tagged in accordance with IEEE standards, and include a specific IEEE 

30 802. 1 p priority field for the packet. Untagged packets do not have a tag, and 
therefore, do not include an 802. 1p priority field. SOC 10 can assign an 
appropriate priority value for the packet based upon either the Incoming port 
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or the destination address. As noted in the ARL table format discussed 
herein, an SCP (Source COS Priority) bit is contained as one of the fields of 
the table. When this SCP bit is set. SOC 10 will assign a weighted based 
upon a source COS value in the ARL table. If the SCP is hot set, then SOC 
5 1 0 will assign a COS for the packet based upon the destination COS field In 
the ARL table. These COS values are three bit fields in the 4RL table, as 
noted previously in the ARL table field descriptions. 

FFP 141 is essentially a state machine driven programmable rules 
engine. The filters used by the FFP in a first embodiment are 64 (sixty-four) 
1 0 bytes wide, and are applied on an incoming packet. In some embodiments, 
a 64 byte filter mask can be used and applied to any selected 64 bytes or 51 2 
bits of a packet. In another embodiment, however, a filter can be created by 
parsing selected fields of an incoming packet such that a 64 byte filter mask 
is created, which will be selectively applied to fields of interest of an incoming 
packet. In yet another embodiment, a filter can be created by applying a 
predetennined number of offsets to the incoming data packet 112, wherein a 
predetermined number of bytes immediately following each individual offset 
are parsed from the packet and thereafter concatenated together to form a 
filter value utilized in the filtration process. 

Filters, as previously stated, are mainly used for packet classification 
based upon certain selected protocol fields in the packet. Based upon the 
packet classification, a plurality of actions can be taken. The actions may 
include discarding of the packets, sending of the packets to the CPU. sending 
the packets to a mirrored port, priority mapping. TOS tag modification, etc. 
In one embodiment. FFP 141 includes filtering logic 1411 . Illustrated in Figure 
15, which selectively parses predetennined fields from the incoming data 
packets, thereby effectively obtaining the values of the desired fields from the 
MAC. IP, TCP. and UDP headers. Figure 20 is a table illustrating the various 
important fields, and their respective offsets for various packet types. Other 
fields that may be related to IPX and/or other fields may also be utilized in this 
filtration scheme through selection of these particular fields to be parsed from 
the packet upon filtration. 
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SOC 10 includes a filter database which contains a plurality of filter 
sets. In one example, two sets of filters may be provided, each containing 
eight filters and an associated rules table being 512 entries deep. Figure 21 A 
illustrates the format for a filter mask, showing the various fields thereof, 
including the Field Mask field. The specific fields of the filter mask are as 
follows: 

Field Mask - 512 bits long - Field Mask consists of several Protocol 
Masks. For the fields, which are of interest the Mask is set to all I's 
and for other fields the mask is set to zero. 

Egress Port Mask - 6 bits long - Egress Port Mask- This Egress Port 
Mask is set to all Vs only if the Egress Port is part of the Filter. 
Egress Modid Mask - 5 bits long - Egress Module Id Mask - This 
Module Id Mask is set to all I's only if the Egress Module Id Is part of 
the Filter. 

Ingress Port Mask - 6 bits long -The Ingress Port Mask is set to all 1 's 
only If the Ingress Port is part of the Filter. 

Data Offset 1 - 7 bits long - Data Offset 1 - The 7 bit data offset Is 
used to set the Data Mask for 8 bytes of Data 1 anywhere In first 128 
bytes of the packet. 

Data Offset 2 - 7 bits long - Data Offset 2 - The 7 bit data offset Is 
used to set the Data Mask for 8 bytes of Data 2 anywhere in first 128 
bytes of the packet. 

Data Offset 3 - 7 bits long - Data Offset 3 - The 7 bit data offset is 
used to set the Data Mask for 8 bytes of Data 3 anywhere in first 128 
bytes of the packet. 

Data Offeet 4-7 bits long - Data Offset - The 7 bit data offset is used 
to set the Data Mask for 8 bytes of Data 4 anywhere in first 128 bytes 
of the packet. 

No Match Action - 13 bits long - No Match Action - This field is valid 
only if the No Match Action Enable Bit is set to 1 . No Match Action Is 
applied only if the filter does not match any of the Entries in the Rules 
Table. The following Actions are defined: Bit 0 - If this bit is set then 
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change 802.1 p Priority in the packet, the Priority is picked up from the 
802. 1p priority field. Bit 1 - If this bit is set then categorize this packet 
to send on priority COS Queue, but don't modify the 802. 1p priority 
field in the packet tag header. Again the priority is picked up from the 
5 802. 1p Priority field. Bit 2 - If this bit is set then change IP TOS 

Precedence in the IP Header. The new TOS Precedence value is 
picked up from the TOS_P field. Bit 3 - if this bit is set then send the 
packet to CPU. Bit 4 - if this bit is set then discard the packet. Bit 5 - 
If this bit is set then select the output port from the Port Field. If the 

"•0 Packet is a Broadcast, Multicast or a DLF then this action is not 

applied. Bit 6 - If this bit is set then the packet is sent to the "Mirrored- 
To" port. Bit 7 - is a reserved bit. Bit 8 - If this bit is set then the value 
of 802.1 p Priority field is picked up from the TOS Precedence field in 
IP header. (TOS_P->COS). Bit 9 - If this bit is set then the value of 
TOS Precedence field in IP header is picked up from the 802. 1p 
Priority field. (TOS_P->COS). Bit 1 0 - If this bit is set then the value of 
Differentiated Sen/ices (DS) is picked up from Differentiated Services 
Field. Bit 1 1 - if this bit is set, then select the output port and output 
module id from the filter mask independent of packet type. Bit 12 - 

20 reserved. 

NMA Enable - 1 bit long - No Match Action Enable - If this bit is set 
then No Match Action field Is a valid field. Also the way the search is 
done in the Rules Table is slightly different. 

802.1 p Priority Bits - 3 bits long - 802.1 p Priority Bits - The value in 
25 this field is used to assign the priority to the packet. The 802.1 p 

standard define 8 levels of priorities from 0 to 7. The field is used only 
if bit 0 or bit 1 of Action Field is set. 

TOS_P field - 3 bits long - TOS_P field - The value in this field is used 
to assign the new value to TOS Precedence field in the IP Header. 
30 This field is used only if bit 2 of Action Field is set. 



BNSDOCID: <WO_CI0S«e4A8_l.> 



wo 00/56024 



PCTAJSOO/06942 



57 

Differentiated Services - 6 bits long - Differentiated Services - The 
value in this field is used to assign the new value to the Differentiated 
Services Field in IP Header. 

Output Port - 6 bits long - This field identifies the output Port Number. 
5 This port oven-ides the egress port selected by ARL. 

Output Module id - 5 bits long - This field identifies the output Module 
Number. The output Module, output Port combination overrides the 
Egress Port, Module Id selected by ARL. This field is valid only if 
Remote Port Bit is set. 
10 Remote Port Bit - 1 bit long - If this bit is set then the Egress Port is 

on the Remote Module and the Port is identified by the Output Module 
Id and Output Port combination. 

Filter Enable Bit - 1 bit long - If this bit is set then the Filter is Enabled. 
Counter - 5 bits long - Counter Index - this is the counter, which needs 

15 to be incremented. 

Figure 22 is a flow chart which illustrates filtering in SOC 10 in a first 
embodiment, using FFP 141 and the filtering configuration discussed above. 
An incoming packet coming in to an ingress of an EPIC 20 or GPIC 30 is 
subjected to address resolution through the address resolution logic shown 

20 at step 22-1 . After the address resolufion is completed, FFP 141 selectively 
parses the packet of step 22-2 and obtains the values of preselected fields 
associated with the packet. Depending upon the type of packet, whether it be 
Ethernet type II, 802.3. IP. IPX. TCP, UDP. etc. the fields listed above may 
also be extracted in the parsing process. A field value is constructed at step 

25 22-3 by concatenating the extracted fields in the same order as listed in the 
field mask, including the ingress port and egress port. If the egress port is not 
determined or known, then the port value is set to an invalid value that can be, 
for example, 0x3f. At step 22-4, logic 141 1 goes through all filters which have 
the filter enable bit set, and applies the mask portion of the filter to the field. 

30 The result of this operation is concatenated at step 22-5 with the filter number 
to generate a search key. The search key is used to search for a match to the 
key in rules table 22 at step 22-6. If the no match action (NMA) bit is set to 
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zero, then the filter is considered to be an inclusive filter. For inclusive filters 
as will be discussed belov.. there should be an exact match in order to 
execute the actions defined in the rules table entry. If there is not an exact 
match, then no action is taken for that particular filter. If the NMA bit is set to 
one. then the filter is an exclusive filter. This process is repeated for each 
individual filter until all selected filters have been applied to the packet. 

When a binary search is performed on rules table 22. additional 
comparison is done using filter select, source port, and destination port fields 
to determine if a partial match exists. If there is a full match, then the actions 
from the matched rules table entry are applied. If there is no full match but 
there ,s a partial match, then acfions from the "no match action" field in the 
filter mask are applied at step 22-7. If there is no full match and no partial 
match, then no filter action is taken. 

Rules table 22 is completely programmable by CPU 52 through CMIC 
40. The rules table can be. as an example. 256 entries deep. The entries in 
the rules tables, again as an example, are stored in ascending order with filter 
value + egress port + egress module id + ingress port + filter select as the 
key. The ingress port or egress port is set only if there is an intention to do 
the filtering on a per port basis, and in that case the associated ingress and/or 
egress mask should be set to the aforementioned invalid value of OxSF. 

The FFP configuration enhances the handling of real time traffic since 
packets can be filtered and action can be taken on the fly. Without FFP 141 
the packet would need to be transferred to the CPU for appropriate action to 
be interpreted and taken. For inclusive filters, if there is a filter match, action 
's taken, and if there is no filter match, no action is taken; however, packets 
are not dropped based on a match or no match situation for inclusive filters. 

Figure 23 illustrates an example of a fonnat for rules table 22. The 
fields of this rules table are as follows: 

Filter Value - 512 bits long - For every incoming packet the Filter Mask 
«s applied and the result is compared with the Filter value. Since the 
incoming packet itself is typically in Big Endian Format the Filter value 
should be set up in Bit Endian Format. 
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Ingress Port - 6 bits long - Ingress Port Number: This field is set only 
if one is setting this filter on a specific ingress port. If this field is set 
then the Ingress Port Mask in the Filter Register should be set. 
Egress Port - 6 bits long - Egress Port Number: This field is set only 
5 if one is setting the filter on a specific egress port, if this field is set 

then the Egress Port Mask in the Filter Register should^e set. In case 
of Broadcast. Multicast or DLF, the Filtering Mechanism should use 
invalid port number (0x3f) so that there is no match on the entry. 
Egress Module Id - 5 bits long - Egress Module Id - This field is set 

10 only if one is setting the filter on a specific egress port + Module Id. If 

this field is set then the Egress Port Mask + Egress Module Id in the 
Filter Register should be set. In case of Broadcast, Multicast or DLF, 
the Filtering Mechanism should use invalid port number (0x3f) so that 
there is no match on the entry. Note: Remote Egress Port is a 

15 combination of Egress Port + Module Id. The only way to invalidate 

the Remote Port is to use an invalid Port Number. 
Filter Select - 3 bits long - Filter Select - These bits are used to 
identify the Filter Number, which is used to match these entries. 
Action Bits - 14 bits long - Action Bits defines the actions to be taken 

20 in case of the matched entry. Bit 0 - If this bit is set then change 

802. 1 p Priority in the packet. The Priority is picked up from the 802.1 p 
priority field. Bit 1 - If this bit is set then categorize this packet to send 
on priority COS Queue, but don't modify the 802.1 p priority field in the 
packet tag header. Again the priority is picked up from the 802. 1p 

25 Priority field. Bit 2 - If this bit is set then change IP TOS Precedence in 

the IP Header. The new TOS Precedence value is picked up from the 
TOS_P field. Bit 3 - if this bit is set then send the packet to CPU. Bit 
4 - if this bit is set then discard the packet. Bit 5 - if this bit is set then 
select the output port and output module id from the Rule entry. If the 

30 Packet is a Broadcast, Multicast or a DLF then this action is not 

applied. Bit 6 - If this bit is set then the packet is sent to the "Mirrored- 
To" port. Bit 7 - If this bit is set then increment the counter indicated in 
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the counter value. The counter index is picked up from the counter 
field. Up to 32 counters are supported. Bit 8 - if this bit is set then the 
value of 802.1P Priority field is picked up from the TOS Precedence 
field in IP header. (TOS_P->COS). Bit 9 - If this'bit is set then the 
value of TOS Precedence field in IP header is picked up from the 
802.1P Priority field. (COS->TOS_P). Bit 10 - If this bit^s set then the 
value of Differentiated Services (DS) is picked up from Differentiated 
Services Field. Bit 1 1 - if this bit is set. then select the output port and 
output module id from the Rule entry. Bit 12 - Reserved. Bit 13 - if this 
bit is set. then the packet is not dropped. If bit 4 and bit 13 are both 
set. then the packet Is not dropped. 

802.1p Priority Bits - 3 bits long - The value in this field is used to 
assign the priority to the packet. The 802. 1 p standard defines 8 levels 
of priorities from 0 to 7. The field is used only If bit 0 or bit 1 of Action 
15 Field is set. 

Differentiated Services - 6 bits long - Differentiated Services - The 
value in this field is used to assign the new value to the Differentiated 
Services Field in the IP Header. 

TOS_P field - 4 bits long -The value in this field is used to assign the 

new value to TOS Precedence field in the I P Header. This field Is used 
only if bit 2 of Action Field is set. 

Output Port - 6 bits long - Output Port - This field identifies the Output 
Port Number. This port overrides the egress port selected by ARL. 
Output Module id - 5 bits long - Output Module Id - This field identifies 
the output Module Number. The output Module, output Port 
combination overrides the Egress Port, Module Id selected by ARL. 
This field is valid only if Remote Port Bit is set. 
Counter - 5 bits long - Counter Index is the counter, which needs to be 
incremented. 

In other words, a logical AND operation is performed with the filter 
mask, having the selected fields enabled, and the packet. If there is a match, 
the matching entries are applied to rules tables 22. in order to detennine 
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which specific actions will be taken. Since there are a limited number of fields 
in the rules table, and since particular rules must be applied for various types 
of packets, the rules table requirements are minimized by setting all incoming 
packets to be "tagged" packets; all untagged packets, therefore, are subject 
5 to 802. 1Q tag insertion, in order to reduce the number of entries which are 
necessary in the rules table. This action eliminates the need for entries 
regarding handling of untagged packets. It should be noted that specific 
packet types are defined by various IEEE and other networking standards, 
and will not be defined herein. 

10 As noted previously, exclusive filters are defined as filters which 

exclude packets for which there is no match; for excluded packets, actions 
associated with exclusive filters are taken. With inclusive filters, however, 
inclusive actions are taken. If there is a match, action is taken as discussed 
above; if there is no match, no action is taken and the packet proceeds 

15 through the forwarding process. Referring to Figure 1 5, FFP 141 is shown to 
include filter database 1410 containing filter masks therein, communicating 
with logic circuitry 141 1 for determining packet types and applying appropriate 
filter masks. After the filter mask is applied as noted above, the result of the 
application is applied to rules table 22, for appropriate lookup and action. It 

20 should be noted that the filter masks, rules tables, and logic, while 
programmable by CPU 52. do not rely upon CPU 52 for the processing and 
calculation thereof After programming, a hardware configuration is provided 
which enables linespeed filter application and lookup. 

Referring once again to Figure 14, after FFP 141 applies appropriate 

25 configured filters and results are obtained from the appropriate rules table 22. 
logic 1411 in FFP 141 determines and takes the appropriate action. The 
filtering logic can discard the packet, send the packet to the CPU 52, modify 
the packet header or IP header, and recalculate any IP checksum fields or 
takes other appropriate action with respect to the headers. The modification 

30 occurs at buffer slicer 144, and the packet is placed on C channel 81. The 
control message and message header information is applied by the FFP 141 
and ARL engine 143, and the message header is placed on P channel 82. 
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Dispatch unit 18, also generally discussed with respect to Figure 8, 
coordinates all dispatches to C channel, P channel and S channel. As noted 
previously, each EPIC module 20, GPIC module 30, MMU 70, IPIC 90, etc. 
are individually configured to communicate via the CPS channel. Each 
5 module can be independently modified, and as long as the CPS channel 
interfaces are maintained, internal modifications to any modules such as 
EPIC 20a should not affect any other modules such as EPIC 20b, GPICs 30, 
or IPIC 90. 

As mentioned previously. FFP 141 is programmed by the user, through 

10 CPU 52, based upon the specific functions that are sought to be handled by 
the FFP. Referring to Figure 17, it can be seen that in step 17-1, an FFP 
programming step is initiated by the user. Once programming has been 
initiated, the user identifies the protocol fields of the packet which are to be 
of interest for the filter, In step 17-2. In step 17-3, the packet type and filter 

15 conditions are determined, and in step 17-4, a filter mask is constructed 
based upon the identified packet type, and the desired filter conditions. The 
filter mask is essentially a bit map which is applied or ANDed with selected 
fields of the packet. After the filter mask is constructed, it is then determined 
whether the filter will be an inclusive or exclusive filter, depending upon the 

20 problems which are sought to be solved, the packets which are sought to be 
forwarded, actions sought to be taken, etc. In step 17-6, it is determined 
whether or not the filter is on the ingress port, and in step 17-7. it is 
determined whether or not the filter is on the egress port. If the filter is on the 
ingress port, an ingress port mask is used in step 17-8. If it is determined that 

25 the filter will be on the egress port, then an egress mask is used in step 1 7-9. 
Based upon these steps, a rules table entry for rules tables 22 is then 
constructed, and the entry or entries are placed into the appropriate rules 
table (steps 17-10 and 17-11). These steps are taken through the user 
inputting particular sets of rules and information into CPU 52 by an 

30 appropriate Input device, and CPU 52 taking the appropriate action with 
respect to creating the filters, through CMIC 40 and the appropriate ingress 
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or egress submodules on an appropriate EPIC module 20 or GPIC module 
30. 

In another embodiment of the invention, the filtering logic is modified 
from the previous embodiment. In this embodiment.- which is backward 
5 compatible in implementation with that which is previously discussed, four 16 
byte fields are specifically defined within the packet header, each of these 
fields having their own configurable offset. These four 16 byte fields are 
combined to fomi the previously mentioned 64 byte/51 2bit field mask. 
However, in this embodiment the offsets are configured in such a way that the 

10 filter mask can effectively look into the packet header up to 120 bytes deep. 
Although Figure 20 Illustrates that a substantial portion of the relevant filtering 
infonnation is contained within the first 64 bytes of the packet header, when 
product and technology Innovation renders bytes 64 to 120 of the packet 
header to be of substantial relevance to filtering, the present invention will be 

15 configured to filter using this header format. 

As stated above, the 64 byte packet key is split up into a 
predetemnined number of subfields. As an example, the 64 byte packet key 
can be split up into 4 16 byte subfields. Each subfield has a 3 bit mask 
associated therewith that indicates a multiple of 8 bytes to offset for each 

20 subfield, as shown in Figure 31 . Therefore, for example, if the first 64 bytes 
of the packet are of interest, then an offset field of 000 would be used for all 
four of the 16 byte subfields. This would cause the first offset to 
capture/review the 16 bytes beginning with byte 0 and continuing through byte 
1 5. The second offset would capture the 1 6 bytes beginning with byte 1 6 and 

25 continuing through byte 31 , and In similar fashion, the third offset would 
capture bytes 32 through 47, and the fourth offset would capture bytes 48 
through 63, thereby including the entire first 64 bytes. As a second example. 
If the offsets were set as first offset 001 , second offset 01 1 , third offset 1 00, 
and fourth offset 110, then the subfields would be defined as follows. The 

30 first offset of 001 would define the first subfield as beginning with byte number 
8 in the packet header and confinuing for 16 bytes through byte 23. The 
second offset of 01 1 would define the second subfield as beginning at byte 
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40 and continuing for 16 bytes through byte 55. The third offset of 1 00 would 

define the third subfieldasbeginning with byte64and continuing through byte 
79. Finally, the fourth offset of 110 would define the fourth subfield as 
beginning at byte 96 and continuing through byte 111. Thereafter the 4 
individual 16 byte subfields created through the application of the four offsets 
are concatenated into a single 64 byte field value. Again, the CQpcatenation 
of the field value must include the ingress port, egress port, and the egress 
module id fields. If the egress n^odule id or the egress port fields are not 
determined, then these fields are again set to an Invalid value, such as 0x3f. 
The filter logic then goes through goes through all of the filters that are set 
and applies the mask portion of the filter to the field value and filter mask 
The result of this operation is again concatenated with the filter number to 
generate the search key. which is then used to search for a match in the rules 
tables 22. If all of the no match action bits are set to 0. then the filter is 
considered to be an inclusive filter, which indicates that there must be an 
exact match In order to execute the actions defined in the rules table entry 
If there is anything less than a full match, then no action is taken under an 
inclusive filter. However, if at least one of the action bits are set to 1. then the 
filter IS considered to be an exclusive filter. 

In executing actions from the rules table entries and no match actions 
from the filter, specific rules are followed in order to insure proper filtering and 
action execution. The relevant rules to execute actions from rules table 
entnes and no match actions from filters are as follows. 

• When a binary search is done in the rules table, additional 
comparison is done using {filter select + egress module id + 
ingress port + egress port) fields to determine a partial match 

• A full match occurs when the filter select + egress module 
id + ingress port + egress port + packet format + filter value 
matches an entry in the rules table. Therefore, if there is a 
full match, then the associated actions from the matched 
rules table entry are applied. 
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• If there is no full match and no partial match, then no action 
is taken. 

• If there Is no full match, but there is a partial match, then 
the actions from the no match actions field are applied. This 
no match action is derived from the filter mask field. 

• If there is a partial match with a filter, actions associated 
with the filter mask are taken, if there is a full match with a 
higher filter value, then the actions associated with the rule 
entry are taken. If a particular action bit is set by the no 
match action field and the full match on another filter mask 
does not set the same action bit, then the action Is taken, as 
the partial match and full match are on different filters. 

• If there is a partial match and a full match, the counters are 
updated only for the full march according to the rules table. 
If there is only a partial match, then the counters are updated 
according to action in the filter mask. If all of the filters have 
a full match in the rules table and the action is to increment 
the same counter, then the counter is incremented only 
once. If all of the filters have a partial match and the action 
is to increment the same counter, then the counter Is 
incremented only once. 

Packet Flow Control: 

In conjunction with the filtering functions, the configuration of SOC 10 
enables a traffic conditioning function, which can meter, shape, police, drop, 
and/or remark data packets as necessary, to ensure that the packets or data 
traffic entering the differentiated services (diffserv) domains conform to 
predetermined requirements for the particular implementation. Metering 
functions generally measure the temporal properties, generally the rate or 
flow, of the stream of packets selected by a classifier. In the present 
invention a rate counter field for a codepoint in diffserv-to-COS mapping table 
is incremented every time a packet comes into the switch with that particular 
codepoint. thus allowing a rate of traffic to be determined. A shaping function 
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serves to delay some or all of the packets in a traffic stream in order to bring 
the traffic stream into compliance with a predetermined traffic profile. The 
present invention implements a shaping functionality for each COS queue, 
which is handled by the COS manager on each individual egress. The 
5 dropping function of the metering logic is responsible for discarding some or 
all of the packets in a data stream in order to bring the data stream into 
compliance with a predetermined traffic profile. Put simply, if the 
aforementioned rate counter for a specific code point value exceeds the rate 
counter threshold set in the diffserv-to-COS table, then the option is provided, 
1 0 using the new codepoint actions bits, to drop the packet from the date stream. 
The re-marking function allows the codepoint of a packet to be reset 
depending on the characteristics of the traffic profile. The re-marker may be 
configured to re-mark all packets to a single codepoint, or it may be 
configured to mark a packet to one of a set of codepoints. Specifically, if the 
15 aforementioned rate counter for a codepoint exceeds the rate counter 
threshold in the diffserv-to-COS table, then the option is provided, using the 
new codepoint action bits, to remark the codepoint and select a new COS 
queue for the packet, in addition to changing the 802. 1 p priority of the packet, 
both of which will have a direct Impact upon flow threshold of the packet. 
20 Although the present invention provides multiple packet flow control 

alternatives, metering is generally provided by the counter field of rules table 
22. Using the counter and the COS queues, packets in a particular traffic 
stream can be delayed as necessary in order to bring the traffic stream into 
compliance with the desired traffic profile. This can be controlled through the 
25 use of COS manager 1 33 and transaction fifo 1 32. as illustrated in Figure 1 3. 
Packet pointers that depend upon the differentiated services code point 
(DSCP) are placed in one of the COS queues in transaction fifo 132. and 
scheduler 134 picks up the next packet depending upon the priority 
determination of COS manager 133. Queue scheduling algorithms can be 
30 programmed into COS manager 133 as appropriate for a particular 
application. Strict priority based scheduling can be implemented, wherein 
packets in the high priority COS queue are taken up first for transmission. 
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However , this can result in starvation of low priority COS queues. An option 
for resolving this difficulty, therefore, is implementing a weighted priority based 
scheduling scheme, wherein a minimum bandwidth is provided to all COS 
queues, so that no queue gets starved as a result of priority allocation. 
Bandwidth is a programmable parameter in COS manager 133, and can be 
programmed based upon the switch application. Realtime applications can be 
implemented through a Maximum Allowable Latency Parameter, which 
enables COS manager 133 to schedule packet transmission such that 
packets on a particular COS queue are not delayed for more than a maximum 
allowable latency time. 
METERING USING DSCP 

The general flow of an incoming packet as it goes through the various 
functions of SOC 10 relative to differentiated services is shown in Figure 45. 
In one embodiment of the present invention, a differentiated services 
enhancement to the Internet protocol is used to enable scalable service 
discrimination without the need for per flow state and signaling operations at 
every hop. Therefore, a variety of services may be built from a small, well- 
defined set of building blocks that are already deployed within the network 
switch configuration. Differentiated services can be constructed by a 
combination of: first, setting bits in the IP header field at network boundaries; 
second, using those bits to determine how packets are fonwarded by the 
nodes within the network; and third, by conditioning the mari<ed packets at 
network boundaries in accordance with predetermined requirements or rules 
of service. The present invention uses the differentiated sen/ices code point 
to classify and forward traffic entering the switch based upon predetermined 
policies directly related to the DSCP, which are discussed below. 

In this embodiment, packet classification selects packets in a traffic 
stream based on the contents of specific fields in the packet protocol header. 
In the differentiated services architecture there are two types of packet 
classifiers: first, multi-field classifiers; and second behavior aggregate 
classifiers. Multi-field classifiers classify the packets entering the switch 
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2) 

3) 

4) 

5) 

6) 

7) 

8) 

9) 

10) 



based upon the comentsofspeoiflcflelds in theprotoco, header. The specific 
fields of interest are as follows: 

1) Source IP Address 

Destination IP Address 
DS Field 
Protocol ID 

Source TCP Port ^ 
Destination TCP Port 
Source UDP Port 
Destination UDP Port 
Incoming Interface Number 

Application Type, eg. Telnet, HTTP. FTP, RTP, RTCP etc 
In using multi-field classifiers, SOC 10 uses FFP mechanism 141 ,o 
■mplement the mu«-fieW (MF, classifications, which are accomplished at the 
nehvorK boundaries. MF classifier capability is Implemented using the FFP 
141 engine, wherein the fi«er mask and the corresponding n.les table are 
pr^-amed as per the corresponding Differentiated services related policies 
toassignanewcodepolnt or the change the codepoin, of the packet. The 
same rules entry can be used to change 802.1p priority of the packet 
depending on the particular policy. 

Alternatively, when a behavior aggregate (BA) classifier is used. «ie 
packets are classified using the DSCP only, and the BA classifiers are In 

w ^n the DS domain itself. The BA classffier is implemented within «,e 

P*ies can be defined per the agreement te^een a customer and service 
^^^llgfMhe following table is exemplary of packet classification 

Application 
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Streaming Video 


X3 


6 or 5 


Telnet 


X4 


4 


HTTP, Secure HTTP 


X5 


4 or 3 


FTP and other Data transfer Type Applications 


00 


0 


Any Packets originating from Source IP Address 
a.b.c.d 


Y1 


6 or 


Any Packets destined to IP Address a.b.c.d 


Y2 


6 or 5 


Packet Flows between networks e.f.g.h to i.j.k.l 


Y3 


4 or 3 


HTTP traffic to Destination Network i.j.k.l 


Z1 


0 


Streaming video to Destination Network m.n.o.p 


Z2 


3 


Traffic coming from Network p.q.r.s with DS Code 
Point A1, A2 or A3 


A4 


0 



Specifically, if the DS field in the incoming packet Is non-zero, then the 
15 ingress logic gets the COS queue value from the DS field using the diffserv- 
to-COS mapping table shown in Figure 30. The following fields are shown in 
Figure 30 and detailed below. 

COS Queue Value - 3 bits long - COS Queue value used when 
sending the Packet to the Egress Port. 
20 Change Priority Field (CPF) Bit - 1 bit long - If CPF Bit is set then the 

802. 1p Priority Field in the Packet is changed to a new Priority. The 
new priority field is picked up firom '802. 1p Priority' Field. 
New Codepoint Action (NCA) Bits - 2 bits long - New Codepoint 
Actions are taken only if the Rate Counter exceeds the Rate Counter 
25 Threshold. Value GO - No Action. Value 01 - Assign a new Codepoint. 

The new codepoint value is picked up from "New Codepoint" Field. 
Value 02 - Assign a new codepoint and also change the 802. 1p 
Priority of the Packet. New 802.1 p Priority field is picked up from "New 
802.1 p Priority" Field. Value 03 - Drop the incoming Packet. 
30 802.P Priority - 3 bits long - This priority field is used only if the CPF 

bit is set. 



BNSOOOO: <WO_00S6a24A2J.> 



) 



wo 00/56024 

PCT/USOO/06942 

70 

Rate counter. 12 b«s long -This counter Is incremented eve^ «me 

apacke,arr„eswi,MhisCodepoin.. ™s counter is rese.evej/r 
Rate counter Threshold - ia bits long - is expressed as nuL^f 
pa^ete per 1 n,s. „ ,He rate counter exceeds this threst,o.d .1 he 
packet IS a candidate for new codepornt 

r^rsed"' ^T""'" " - "^'^ Oiscard.Th.sho,d is 

.3 exceeded then the packets are discarded if the NCA bit value is set 

New Codepoint - 6 bits long - If the Rate Counter exceeds the Rate 
Counter Threshold and the NCA B, value Is 0, then New Codepoim 
value IS picked up from this fieW. i-odepoint 

cr„r°^°""' " ' ""^ '""^ - exceeds Rate 

CounterThreshold andthe NCA Bitvalue is 01 then NewCOS Queue 
value IS picked up ftom this field 

New 802.1P PHority - 3 bits long - If the Rate Counter exceeds Rate 
Coumer Threshold and the NCA Bit value is 02 then New 802 1p 
Pnonty value of the packet is picked up from this fleld. 

^''^'""''^'"^'^'""''ownabovealsooffei^theopflonofmodifyina.he 

P^n .r rT""""'"""^'^"- ^"^^""^^^^-""^^-^^^ 

se.e«l^ as ""^ " "^"^ value 

selected as a result of differentiated sen,ices mapping tables take! 

precedence over the prionty sele^ed from the 802.1p poLes 
predetelirplf ^"'"^ '"^'^^ ^'^^ '-e 

iogr ^ks seeT^^^^^ "^^^ - -1 . Where the 

~ei^:i— ^^^^^^^ 

«ag is set te 1, then the ass^ned t^LcpXaf " 

OifTServ teble, eise the DSCP vleTm ^ .p k""" '° ''^ 

value from the IP header is used. After 
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executing the appropriate action at step 46-2, then the logic continues to step 
46-3. where it is determined whether the rate counter is less than or equal to 
the DSCP threshold value. If the rate counter is not greater than or equal to 
the DSCP Discard threshold, then the flow logic continues to step 46-9. If the 
5 rate counter is greater than or equal to the DSCP discard threshold, then the 
logic continues to step 46-5. where it is determined if the DF^alue is 1 . If the 
OF value is 1 , then portbitmap is set to 0. and if C State or a copy of the 
packet should go to the CPU. then the portbitmap is set to 1 , much less than 
CPU. and the logic skips to step 46-4. If DF value is not equal to 1 , then the 

10 logic continues to step 46-7, where It is detemnlned if the DF value equals 2. 
If the DF value is found to equal 2, then the CNG bit is set in the P Channel 
and the logic continues to step 46-9. If the DF value is not equal to 2, then 
the logic continues directly to step 42-9 without modification of the CNG bit. 
At step 46-9 the logic determines is the DSCP rate counter is less than or 

15 equal to the DSCP re-mark threshold. If so, then the logic continues to step 
46-10, while if not, then the logic continues to 46-1 1. At step 46-10 the logic 
determines if the RMF value equals 0 or 3. If so, then the logic continues to 
step 46-1 1 , while if not, then the logic checks to see if the RMF value equals 
2 at step 46-12. If the RMF value equals 2, then the logic gets the 802.1p 

20 priority from the New DSCP assigned 802.1 p priority field. If the RMF value 
does not equal 2, then the logic proceeds directly to step 46-17 without 
modification of the priority. At step 46-17, the DSCP field is changed to the 
New DSCP field, the IP checksum is recalculated, the CRC is regenerated. 
Upon completion of these actions, the logic continues to step 46-4. 

25 Returning to step 46-10, if the RMF value is not equal to 0 or 3, then 

the logic continues to step 46-1 1 , where the logic checks to see if the NP 
value equals 1x. If so, then the logic gets the 802.1 p packet priority from the 
802. 1p priority field before continuing to step 46-18. If the NP value is not 
found to be equal to 1x at step 46-1 1 , then the logic checks to see if the NP 

30 value equals 1 at step 46-15. If the NP value equals 1 , then the logic picks 
up the COS queue value from the DSCP priority queue before continuing to 
step 46-18. If the NP value is not equal to 1 at step 46-15, then the logic 
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continues directly to step 46-18 without modification of the COS queue. At 
step 46-18. if the FFP-DSCP equals 1 or the DSCP_flag equals 1, then the 
DSCP field is changed, the IP checksum Is recalculated, and the CRC is 
regenerated. In this step, the DSCP field will come from the FFP logic if 
FFP_DSCP equals 1, if not, then the value will come from the DSCP logic. 
Upon completion of these actions, the DSCP logic continues4o step 46-4. 

Figure 47 shows a detailed flowchart of the logic contained within step 
42-4 of Figure 42. At step 47-1 the logic gets the PortBitmap and conducts 
a logical "and" operation with this value and the fonwarding port register, while 
also "anding" this value with the active port register corresponding to the COS 
queue selected, after going through the COS mapping using the COS 
mapping using the COS Select Register. This value is also "anded" with the 
HOL Register value, which con-esponds to Active Port Register 8. to get the 
PortBitmap at this step. The logic also looks at the M bits of the port based 
VI_AN at this step. Upon completion of the actions of step 47-1. the logic 
continues to step 47-2, where the logic checks to see if the ingress port is 
mirrored, that is if the M bit is 0. or if the stack link and the M bit is set. If so. 
then the packet is sent to the according mirrored port at step 47-3, while if not. 
then the logic continues to step 47-4 without taking any mirror port action. At 
step 47-4 the logic checks to se if the mirroring is based upon filter logic. If 
so. then the packet is sent to the appropriate mirrored port at step 47-5, while 
if not. then the logic continues to step 47-6 without taking any mirrored port 
action. At step 47-6 the logic checks to see if the egress port is mirrored by 
looking at the egress min-oring register. If the egress port is mirrored, then the 
packet is sent to the mirrored port before continuing to step 47-8. If the 
packet is not min-ored. then the logic simply continues directly to step 47-8 
without taking any min-or port action. Step 47-8 continues with the mirror port 
logic, and therefore, will not be discussed in detail. Nonetheless, at this stage 
of the logic the DSCP has been accordingly modified such that the packet 
flow can be appropriately shaped and/or metered upon egress. 
METERING USING METER ID 
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In another embodiment, the packet flow control logic is folded into the 
filtering logic, and therefore, the packet flow control logic operates in 
conjunction with the filtering. In this embodiment, the filtering/flow logic 
operates in three stages: first, the logic takes actions that are independent of 
5 the packet profile, that is the actions do not depend on the classification of the 
packet as in-profile or out-profile; second, the filtering/flow logic picks up the 
meterid, which is a 6 bit number associated with the packet that is stored in 
the rules table, and takes any appropriate in-profile actions that are set; and 
third, the filtering/flow logic takes any appropriate out-profile actions. 

10 Beginning with the profile independent actions, upon application of each 
individual filter mask, which is generally undertaken in ascending numerical 
order, a determination is made by the filtering/flow logic as to whether there 
is a matching rule, as shown in Figure 32. This determination essentially 
determines whether or not there is a full match, as previously defined, which 

15 is shown in Figure 32 as step 32-1 . If it is determined that there is a full match 
for the particular mask at step 32-1 . then the first action bit is checked at step 
32-2. If a full match is not determined at step 32-1 , then the logic determines 
whether or not there is a partial match for the mask at step 32-3. If a partial 
match is found at step 32-3, then the logic continues through the partial match 

20 method, which is illustrated in Figure 33 and will be further discussed below. 
Returning to step 32-2, if it is determined that bit 1 of the action bits is set, 
then the class of service is selected from this rule entry at step 32-4. If bit 1 
of the action bits is not set, then the logic continues to step 32-5 and checks 
to see if bit 0 of the action fields is set. If bit 0 is set, then the class of service 

25 for this entry is obtained from the rule entry, the packet is modified for priority 
tagged field, and the regenerate CRC bit is set at step 32-5. If bit 0 is not set. 
then the logic continues to step 32-6, which generally represents the 
beginning of the flow control logic, and the end of the profile-independent 
actions, as action bit 0 and action bit 1 are independent actions from flow 

30 control. Put simply, the profile independent actions are taken at steps 32-1 
through 32-5, and beginning at step 32-6, the profile dependent actions begin. 
At step 32-6, the meter id for the particular mask is obtained from the 
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r*s .awe. A, step 32-7, the fogic determines ..he n,e,er id obtained from 
.he ..es .able ,s 0. ,f .he n,e.er id is 0, .hen «,e paCe. is au.on,a.ioal,y 
udged o be .n-p,ofile. and .he appropriate in-profile actions are immediately 
.aKen a. s,ep 32-8. If the me.er id is not 0. then the logic indexes into the 
meter table with .he meter id at step 32-9 to determine the profile status o,.he 
packet At step 32-10, upon indexing into the meter table the logic 
determines it the pacKe. is in tac. in-pr„fi,e, and i, so, «,e„ .he in pit 
a«,ons Of s ep 32-8 are .aken. it the packet is no, determined to be in-profl,e 
.hen by default the packe. is de.em,ined ,o be ou.-proflte a. step 32-11 
Therefore, upon .he de.em,ination that the packet is ou.-profl,e «,e 
appropnate out-profile acions aiB taken a. step 32-12. 

The parBal match aCions discussed a. s.ep 32-3. which are par, of the 
profile .dependent acttons, are fur*er detailed in Figure 33. If a partial 
ma,ch .s no, found a. step 32-3, .hen «» logic de.em,ines i, ,here are any 
mher masks ,o compare. If .here are ofter masks ,o compare, .hen .he logic 
^U,ms to step 32-1 in Figure 32. If there are no other masks to compa^ 
then ttte logrc confinues ,o check for mirrored port and final FFP actons as 
Shown m Figure 34. If, however, a partial match is found a. step 32-3 then 
me .og.c confinues in Figure 33 at step 33-1. At stap 33-1. the logic 
d«em,,nes ,f bit 8 of the no match action bits is set. If bit 8 o,«,e no mat!h 
the TO. " '"^^ 802.1P priority values from 

lo 3, r^r" '^^ ^' ^'^P ^^-2 -"«""es .0 

step 33-3 if bit 8 Of the no match action bte is no. set. then »e logic 
oon.,nues .o direCly .o s.ep 33-3 w«hou. aoUon. A. s.ep 33-3, b« 9 of «,e no 

.he TOS precedence value is picked up fi«n the IEEE 802.1p priority field, 
the IP Checksum ,s recalculated, and «1e regenerate CRC is set in the 
message. Thereafter, U,e k«ic continues to step 33-5. If no match action bit 
9 .s no. set, then the logic simply continues to step 33-5 without taking any 

a<.^n. A step33-5,thelogiccheckstosee.bit2ofthenomatchacao„^^^ 
-P header wnh ,he TOS_P f^kt from the flltar mask, «,e IP checksum is 
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recalculated, and the regenerate CRC is set in the message. After taking 
these actions, the logic continues in Figure 35 at step 35-1. If the No Match 
action bit is not set, then the logic simply continues to step 35-1 without taking 
any action. 

5 Figure 35 illustrates the continuation of the partial match action logic, 

which is again part of the profile independent actions, beginning with step 35- 
1. At step 35-1 the logic checks to see if no match action bit 3 is set. If the 
bit is set. then a copy of the packet is sent to the CPU and bit 0 of the CPU 
opcodes is set before proceeding to step 35-3. If No Match action bit 3 is not 
1 0 set. then the logic simply continues to step 35-3 without taking any action. At 
step 35-3 the logic checks to see if No Match action bit 6 is set. If no match 
action bit 6 is set, then a copy of the packet is sent to the mirrored port at step 

35- 4 and the logic continues to step 35-5. If No Match action bit 6 is not set 
at step 35-3, then the logic simply continues to step 35-5 without taking any 

15 action. At step 35-5, the logic checks to see if No Match action bit 4 is set. 
If No Match action bit 4 is set. then the logic drops the packet at step 35-6 and 
continues to step 35-7. If No Match action bit 4 is not set at step 35-5, then 
the logic simply continues to step 35-7 without taking any action. At step 35- 
7, the logic checks to see if bit 5 of the No Match action bits is set. If No 

20 Match action bit 5 is set, then at step 35-8 the outport port and output module 
id from the field in the filter mask are set as the egress port and the egress 
module, along with the according set of the port bitmap. Thereafter, the logic 
continues to step 36-1 , as shown in Figure 36. If No Match action bit 5 is not 
set, then the logic simply continues to step 36-1 without taking any action 

25 associated with No Match action bit 5. 

Figure 36 shows the continuation of the partial match logic, which is 
again part of the profile independent actions, starting with step 36-1. At step 

36- 1 , the logic checks to see if bit 1 of the No Match action bits is set. If No 
Match action bit 1 is set. then the logic selects the COS from the field In the 

30 filter mask at step 36-2 and continues to step 36-3. If bit 1 of the No Match 
action bits is not set, then the logic simply continues to step 36-3 without 
taking any action. At step 36-3, the logic checks to see if bit 0 in the No 
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Match action bits is set. If bit 0 is set thon i • 

the logic simpV con«nuas ,o step 36^ ' " 
5 With NO M..ch ac«on bHO A, step 36 5 , ' 

a higher mer a,asK, «,e„ a. step 36-6 .he 2 h' 

CRr hit !e *u recalculated, and the regenerate 

<-KC bit fs set m the message After taking a«"eraTe 

10 NO Match ac«on h«s Is no, f27T:::^,T:.T"''°°'*^ 
con«nues ,0 step 36-7. A, step 36 7 ,h. , V " ' 
NO Match action .its is se i. n ^^^^^^^^^ *° ^ " "» ^ ^ 

port and the output po« „«d.,e ftlX Is, T^"' 
the egress .oduie , step 36-8. F.ZTZ j^^ " ^"^ 

1^ step36-8. .fbit11is„o.,ound.otsr.arsZ^^^ 

ac«ons,or.«.are.a.en,«.nthe^icL:resr^^^^^^^^^^^^^ 

any more masks to compare and If «o k k ^"eck.ng if there are 

neyt m=.=i, w ' '^^S'^i'^S with step 33-1 for the 

next mask and repeatinaearhnfth^^K • 'onne 

Hcaiiiig eacn or the above mentioned «?tpn«! if th<..» 

.0 ~ *° — - - '-'^ — es to ::r .'at:::: 

based ul:r '"^ " '° " '^^^t - to be dropped 

step43-2,helogicgetstheportbitmaDand-ANn'=-.w. , ==5- «' 

Portregisterand-AND's-thiswi.h,r . «"«''^'"e With forwarding 

25 COSqueueselectedal '"'''^'''^^^ 

...tLn;;:rd 

Additionaily at step 43 2 IT ? ^ ° ^"^^ ""^ '^''^^P- 

-e.eforLnr:rcrAur43^r"T 

ingress port is mirrored whJ detemilnes if the 

0 "---:;~prr:::r°'°^""^'^^^""-- 

before continuing ^ ,og,c a. s. ^Ts , : : ""^ ^ 
3. then «,e logic oon«nues directly to step 43 s 1 

eotiy to step 43-5 without foiwareling the packet 
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to the mirrored port. At step 43-5 the logic determines if the mirroring is 
based upon filtering logic. If not, then the logic continues directly to step 43-7. 
If so, then the logic again sends the packet to the mirrored port prior to 
proceeding to step 43-7. At step 43-7 the logic determines if the egress port 
5 is mirrored from reviewing the egress mirroring register If the egress 
mirroring port register dictates, then the packet is sent to the mirrored port, 
if not, then the logic continues through the mirroring processes designated by 
block M, which will not be discussed in detail herein. 

Once all of the profile independent actions are taken, then the logic 

1 0 continues through the profile dependent actions beginning with 32-8 in Figure 
32. At step 32-8, it has already been determined that the packet at issue is 
classified as in-profile. and as such, step 32-8 constitutes packet dependent 
actions. The specific in-profile actions noted in step 32-8 are shown in greater 
detail beginning in Figure 36. At step 34-1 in Figure 34, the filtering/flow 

15 control logic checks in-profile action bit 8 to see if this bit is set. If this bit is 
not set, then the logic simply continues to step 34-3 without taking any action 
on the packet. However, if the bit is set, then the logic takes the in-profile 
actions associated with this bit. Specifically, if bit 8 is set. then at step 34-2 
the logic picks the 802. 1p priority value from the TOS precedence field in the 

20 IP header and the regenerate CRC bit in the message is set. After taking 
these actions, the logic continues to step 34-3, where the logic checks to see 
if in-profile action bit 9 is set. If the bit is not set, then the logic continues to 
step 34-5 without taking any action on the packet. If bit 9 is set, then at step 
34-4 the logic takes the appropriate in-profile actions associated with in-profile 

25 action bit 9. Specifically, at step 34-6 the TOS precedence value is picked up 
from the 802.1 p priority field, the IP checksum is recalculated, and regenerate 
CRC bit is set in the message. Thereafter, the logic continues to step 34-5, 
where in-profile action bit 2 is checked. If bit 2 is not set, then the logic 
continues, as shown in Figure 37 at step 37-1. 

30 Step 37-1 shows the filtering/flow control logic checking to see if in- 

profile action bit 3 is set. If not, then the logic continues to step 37-3; if so, 
then the logic sends a copy of the packet to the CPU and sets bit 0 of the 
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CPU Opcodes a, step 37-2 before confnulng to step 37-3. At step 37-3 the 
filtenng/flow logic checks in-profile action bit 6. If this bit is no. set then the 
togic conflnues to step 37-5 without taking action, however, i, this bit is set 
then a copy of the packet is sent to the mirrored port at step 37-4 before 
continui,^ to step 37-5. A, step 37-5 the niter/flow control logic checks to see 
if action b,t 4 is set. If bit 4 is set, then the packet is dropped at step 37-6 
however me logic continues to check the remaining action bits. iVbit 4 is noi 
set then the logic continues to step 37-7, where acUon bit 5 is checked along 

. n " ' "-'""-fon port is set 

to 0x3f. the default invalid value set by SOC 10, then setect output por, and 
output module id from the rule entry as egress port and egress module, and 
se he port b,tmap accordingly. „ac«on bit 5 and the desBnafen port .re not 
set to the des,red values, then the logic continues to step 37-9. where action 

fiew Of «,e rule unless the counter was already incremented for this packet by 

T" " "^^ continues to 

Step 37-1 . whe» action bit 10 is checked. If in-proffle action bit 10 is set and 

-n^SCP field of the rules table, the IP checksum is recalculated, and the 
nBgenerate CRC is set in the packet at step 37-12. Thereafter the logic 
continues through the in-profile action bits, as illust-ated in Figu.« 42 

At step 42-1 the filteringfflow control logic checks in-profile action bit 1 1 
and the destination port address. If action bit 11 is se. and the destinaSon 
port address equals 0x3f, then «,e outportport and the outport module are 

T^^lT *^ ^'^^ ^ module, and 

.he port b*.ap ,s updated accordingly, al, in step 42-2. Upon completion of 

.heactions associated wi.h action bit11,or if the acHon bit is not set, then the 
flltenng/flow con,™, k,gic con«nues .o s.ep 42-3. A. step 42-3 he logic 
Checks «,e in.pro«,e action bit 12. If the bit Is set, the drop precedenct 7is 

rfacfon bit 12 .s no. se. initially, tt,en .he logic continues te s.ep 42-5 A. tt,is 
Step «,e filtertng/flow control logic checks in-proflte action bit 13. If mis l^L 
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set then the packet is dropped a. step 42-6. After dropping the packet, or if 
bi,'l3 is not set initially, then the logic continues to check any masks 
unchecked by repeating the logic steps for the unchecked masks beginn.ng 

" ''^'r^ back to Figure 32 at step 32-1 2. if the packet is judged to be 
out.prof,le,thentheou..prof,leactionsaretakeninaccordancewithFigure44. 

The out-profile actions begin at step 44-1 where the filtering/flow control log.c 
Checks to see K out-profile action bit 0 is set. « this b« is set. then the pacl^t 
is sent to ht CPU and bit 0 of the CPU Opcodes is set before the logic 
continues to step 44-3. If out-profile action b« 0 is not set, then the logic 
continues to step 44-3 without taking any action on the packet. At step 4^3 
the filtering/flow control logic checks to see K bit 1 of the out-profile act»n brts 
is set If this bit is set, then the packet is dropped before the logic proceeds 
through the remaining action bits. If bit 1 is not set. then the logic sm,p.y 
, pJedstostep44.5without.akinganyaction.Atstep44-6the,og,cchec^ 

action bK 2, and if this bH is se, then at step 44-6 the logic "P 
from the out-DSCP fiek. of the rule if the TOS is unmod^.ed. The IP 
Checksum is also recalculated at step 44-6, along with setting the CRC 
regenerate bit. After completing the actions associated w«h ^^-^^^ ^jj 
,0 bit 2 is not set, then the logic proceeds to step 44-7, where action b,t 3 of the 
altion field is checked. If the bit is set, then the drop precedence b,t ,s set 
a^d the CNO bit in the P-channel is set at step 44-8. A«er ta ",g th- 
actions, or if action bit 3 is not set initially, then the logic proceeds to step 44- 
9 wberebK4ischecked. ,fb« 4 is set, then the packet is not dropped a. step 
25 44-10, despite previous action bits. If bH 4 is not set then any previou^y 
executed action b«s ti,at would drop the packet are not rnodr^ed s^^ 
packetlsallowedtobedropped. Atstep44.11 the out-profile actions for one 
mask are complete and «ie logic determines . there are any other mask o 

compare. If there are more masks, then tiie logic continues «'«P ^^"^ 
compare ,,,he,earenomoremasks to review, then the 

30 Figure 32 wiOl the next mask, it there are 

logic continues vnth step 43-1 In Figure 43. 
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Generally speaking, it should also be noted that the block diagram of 
SOC 10 in Figure 2 Illustrates each GPIC 30 having its own ARULS tables 31 
n.les table 32. and VLAN tables 33. and also each EPIC 20 also having its 
own ARL/L3 tables 21. rules table 22. and VLAN tables 23. However it is 

also contemplated Within the present inventionthattwoseparate modules can 
share a common ARUL3 table and a common VIAN table. Each module 
however, generally has its own rules table 22. For example, the.efore GPIC 
30a may share ARL/L3 table 21a and VIAN table 23a with EPIC 20a 

Similarly, GPIC 30b may Share ARLtable21bandVlAN table 23b withEPIC 
20b. This Sharing of tables reduces the number of gates which are required 
to .mplement the invention, and makes for simplified lookup and 
synchronization as will be discussed bekw. 
Table Synchronization and Aging 

SOC 10 utilizes a unique method of table synchronization and aging 

c ensure that only current and active address infom,ation is maintained in the 
tables. When ARL/L3 tables are updated to include a new source address 
a hit bit" is set within the table of the "owner" or obtaining module to indicate 
that the address has been accessed. Also, when a new address is learned 
and placed in the ARL table, an S channel message is placed on S channel 
83 as an ARL insert message, instructing all ARL/L3 tables on SOC 10 to 
team th,s new address. The entry in the ARUL3 tables includes an 
.den„fication of the port which inftially received the packet and learned the 
address. Therefore, it EPIC 20a contains the port which initially received the 
packet and therefore which initially learned the address, EPIC 20a becomes 
«.e owner- otthe address. Only EPIC 20a, therefore, can delete this address 
from the table. The ARL insert message is received by all of the modules 

and the address is added into all oftheARUL3 tables on SOC 10. CMIC40 
will also send the address inibmnation to CPU 52. When each module 
recenres and learns the address infom,ation, an acknowledge or ACK 

message issentbacktoEP,C20a.as the ownerfurtherARLinsertmessages 
^nno^^be sent from EPIC 20a until all ACK messages have been received 
from all of the modules. In a preferred embodiment of the invention, CM,C 40 
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does not send an ACK message, since CMIC 40 does not Include 
ingress/egress modules thereupon, but only communicates with CPU 52. If 
multiple SOC 10 switches are provided in a stacked configuration, all ARL/L3 
tables would be synchronized due to the fact that CPS c"hannel 80 would be 
5 shared throughout the stacked modules. 

Referring to Figure 18. the ARL aging process is disqussed. An age 
timer is provided within each EPIC module 20 and GPIC module 30, at step 
18-1, it is determined whether the age timer has expired. If the timer has 
expired, the aging process begins by examining the first entry in ARL table 21 . 

10 At step 18-2. it is detemiined whether or not the port referred to in the ARL 
entry belongs to the particular module. If the answer is no, the process 
proceeds to step 18-3, where it is determined whether or not this entry is the 
last entry in the table. If the answer is yes at step 18-3. the age timer is 
restarted and the process is completed at step 18-4. If this is not the last entry 

15 in the table, then the process is returned to the next ARL entry at step 18-5. 
If, however, at step 18-2 it is determined that the port does belong to this 
particular module, then, at step 1 8-6 it is determined whether or not the hit bit 
is set. or if this is a static entry. If the hit bit is set, the hit bit is reset at step 
18-7, and the method then proceeds to step 18-3, If the hit bit is not set. the 

20 ARL entry is deleted at step 1 8-8, and a delete ARL entry message is sent on 
the CPS channel to the other modules, including CMIC 40. so that the table 
can be appropriately synchronized as noted above. This aging process can 
be performed on the ARL (layer two) entries, as well as layer three entries. In 
order to ensure that aged packets are appropriately deleted from the tables 

25 by the owners of the entries. As noted previously, the aging process is only 
performed on entries where the port referred to belongs to the particular 
module which is performing the aging process. To this end, therefore, the hit 
bit is only set in the owner module. The hit bit is not set for entries in tables 
of other modules which receive the ARL insert message. The hit bit is 

30 therefore always set to zero in the synchronized non-owner tables. 

The purpose of the source and destination searches, and the overall 
lookups, is to identify the port number within SOC 10 to which the packet 
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Should be directed ,o after I, Is placed either CBP 50 or GBP 60. Of course 
a source lookup failure results in leamir,g of the source from the source MAC 
address information In me packet: a destination lockup failure, however, since 
no port would be iden«fied, resu«s in the packet being sent to all ports on 
SOC 1 0. As long as the destination VLAN ID is the same as the source VLAN 
ID the packet will propagate the VLAN and reach the ultimate destination at 

whic point an acknowledgmentpacketwill be received,,hereby enabling ihe 
ARL table to learn the destination port for use on subsequent packets. If .he 
VLAN IDs are different, an L3 tookup and learning process will be performed 
as discussed previously. I, should be noted that each EPIC and each GPIC 
contains a FIFO queue to store ARL insert messages, since, although each 
module can only send one message atatime, if each module sends an insert 
message, a queue must be provided for appropriate handling of the 
messages. 

1 5 Port Movement 

'^««^«'^ARL/L3 tables have entries in them, the Situation sometimes 
anses where a particular user or station may change location from one port 
to another port. In order to prevent transmission errors, therefore, SOC 10 
.ncludes capabilities of identifying such movement, and updating the table 
entries appropriately. For example, if statton A, located for example on port 
1 . seeks to communicate with station B, whose entries indicate that user B is 
located on port 26. If station B is then moved to a different port, for example 
port 1 5, a destination lookup failure will occur and the packet will be sent to 
all ports. When the packet is received by station B at port 15, station B will 
send an acknowledge (ACK) message, which will be received by the Ingress 
o^the EPIC/GPIC module containing port 1 thereupon. A source lookup (of 
the acknowledge message) will yield a match on the source address, but the 
port .nfom^tion will not match. The EPIC/GPIC which receives the packet 
from B, therefore, must delete the old entry from the ARL/L3 table, and also 
send an ARlyL3 delete message onto the S channel so a,at all tables are 
synchron^ed. Then, the new source infomiatton, wM, .he correct port, is 
■nserted into the ARL/L3 table, and an ARL/L3 insert message is placed on 
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the S channel, thereby synchronizing the ARLVLS tables with the new 
information. The updated ARL insert message cannot be sent until all of the 
acknowledgment messages are sent regarding the ARL delete message, to 
ensure proper table synchronization. As stated previously, typical ARL 
insertion and deletion commands can only be initiated by the owner module. 
In the case of port movement, however, since port movement may be 
identified by any module sending a packet to a moved port, the port 
movement-related deletion and insertion messages can be initiated by any 
module. 
Trunking 

During the configuration process wherein a local area network is 
configured by an administrator with a plurality of switches, etc., numerous 
ports can be "trunked" to increase bandwidth. For example, if traffic between 
a first switch SW1 and a second switch SW2 is anticipated as being high, the 
LAN can be configured such that a plurality of ports, for example ports 1 and 
2, can be connected together. In a 100 megabits per second environment, the 
trunking of two ports effectively provides an increased bandwidth of 200 
megabits per second between the two ports. The two ports 1 and 2, are 
therefore identified as a trunk group, and CPU 52 is used to properly 
configure the handling of the trunk group. Once a trunk group is identified, it 
is treated as a plurality of ports acting as one logical port. Figure 1 9 illustrates 
a configuration wherein SW1 , containing a plurality of ports thereon, has a 
trunk group with ports 1 and 2 of SW2, with the trunk group being two 
communicafion lines connecting ports 1 and 2 of each of SW1 and SW2. 
This forms trunk group T. In this example, station A, connected to port 3 of 
SW1, is seeking to communicate or send a packet to station B, located on 
port 26 of switch SW2. The packet must travel, therefore, through trunk group 
T from port 3 of SW1 to port 26 of SW2. It should be noted that the trunk 
group could include any of a number of ports between the switches. As traffic 
flow increases between SW1 and SVV2, trunk group T could be reconfigured 
by the administrator to include more ports, thereby effectively increasing 
bandwidth. In addition to providing increased bandwidth, trunking provides 
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redundancy in the even, of a feilure of one of .he links between the switches 
once the tn-nk group is created, a user programs SOC ,0 through CPU 52 
to rec09n,ze the appropriate trunk group or trunk groups, with .Lk oJl 
Identification aoiD) informatinn a . ,, ^ " ■ <runk group 

each TG.D L , '^"^ 3'°"" P<"* map is prepared for 

each TG.D, and a trunk group table, provided for each module on SOC 10 
.s used to -mplemen, the trunk group, which can also be called , port bundle' 
A t^nk group bit map table is also provided. These two tables are provLt. 

sLon a r H ""'^^ ^' ■'-"'^^ 

silicon as two-d,mens,onal arrays. In one embodiment of SOC 10 six trunk 

.hereupon. For communication, however, in order to prevent out-of-ordering 
Of packe.s or frames, the same port must be used for packet flow 

en..»at.nofwhichportwi«beusedforcommunica«onisba£^^^^^^^^^^ 
Of me following: source MAC address, destination MAC address, source IP 
address, destination IP address, or combinattons of souice and destina«In 
addresses. ,f source MAC is used, as an exampte, , station A on rtTo 
Z:inr'°''"'^''^'*^*'°""^°"^°"''°'^^^°'«VV2,then«,e,a: 

^J r T: ""^"^ ^' "---^ - - '"e source 

addressfiew Of the packet, are used togenerateatrunk port index. The.runk 
port index. Which is then looked up on the t™nk g^up table by the ^ es^ 

port of the trunk group will be used for the communicaBon. In other words 
When a packet is sought to be sen. from stafen A to station B address 
reso u on is conduced as se. forth above. ,f .he packet . to be han l 
through a trunk group, then a T bit will be set in me ARL en.,y which is 

d^.ina.ion address .s teamed from one of the frunk ports. The egiess port 

^ potrr . port 

and TGID which are contained in«,e ARLen.,y «,ereft.,e de«newhich 
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part of the packet is used to generate the trunk port index. For example, if the 
RTAG value is 1 , then the last three bits of the source MAC address are used 
to identify the trunk port index; using the trunk group table, the trunk port 
index can then be used to identify the appropriate trunk port for 
5 communication. If the RTAG value is 2, then it is the last three bits of the 
destination MAC address which are used to generate the trunk port index. If 
the RTAG is 3, then the last three bits of the source MA<C address are 
XORED with the last three bits of the destination MAC address. The result of 
this operation is used to generate the trunk port index. For IP packets. 

10 additional RTAG values are used so that the source IP and destination IP 
addresses are used for the trunk port index, rather than the MAC addresses. 

see 10 is configured such that if a trunk port goes down or fails for 
any reason, notification is sent through CMIC 40 to CPU 52. CPU 52 Is then 
configured to automatically review the trunk group table, and VLAN tables to 

1 5 make sure that the appropriate port bit maps are changed to reflect the fact 
that a port has gone down and is therefore removed. Similarly, when the 
trunk port or link is reestablished, the process has to be reversed and a 
message must be sent to CPU 52 so that the VLAN tables, trunk group tables, 
etc. can be updated to reflect the presence of the trunk port. 

20 Furthermore, it should be noted that since the trunk group is treated as 

a single logical link, the trunk group is configured to accept control frames or 
control packets, also known as BPDUs, only one of the trunk ports. The port 
based VLAN table, therefore, must be configured to reject incoming BPDUs 
of non-specified trunk ports. This rejection can be easily set by the setting of 

25 a B bit in the VLAN table. IEEE standard 802. 1 d defines an algorithm known 
as the spanning tree algorithm, for avoiding data loops in switches where 
trunk groups exist. Refemng to Figure 19, a logical loop could exist between 
ports 1 and 2 and switches SW1 and SW2. The spanning algorithm tree 
defines four separate states, with these states including disabling, blocking, 

30 listening, learning, and forwarding. The port based VLAN table is configured 
to enable CPU 52 to program the ports for a specific ARL state, so that the 
ARL logic takes the appropriate action on the incoming packets. As noted 
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The St bit in the ARL table enables th^ ppi i ♦ . oruus. 

nee. in P,.e 18, s..ioe„..e ; „ al ! ^"'""^^ 
bit In the ARI t.hio ^ ^ ^® ^^'"9 Process. The hit 

IP/IPX 

Referring again to Figure 14, each EPIC 20, GPIC 30 or IPIC an 

petit an;:r air: ~ ^-^^^ - 

. «iiu uuiizes a table, implemented in silicon uuh.VK 

] r'""' '""'"^ ^'-'"v 1 an.! z 

'P longest prefix cache lookup HP LPr\ ann . 

lookup „PX_LPC,. During th eTatr 3 io . '''' """^ "^^^ 

S6ar^h»„ ^ '°°''"P' a ""mber of concurrent 

pace, aririr ^xr - - - 

-pa.e..3.ri.n.r;re:rtrr:::rrpr 
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hexadecimal codes are used to determine the packet types. If the packet Is 
identified as neither an IP packet nor an IPX packet, the packet is directed to 
CPU 52 via CPS channel 80 and CMIC 40. It should be noted that if the 
packet is identified as an IPX packet, it could be any one of four types of IPX 
packets. The four types, as noted previously, are Ethernet 802.3, Ethernet 
802.2, Ethernet SNAP, and Ethernet II. 

The concurrent lookup of L3 and either IP or IPX are important to the 
performance of SOC 10. In one embodiment of SOC 10, the L3 table would 
include a portion which has IP address information, and another portion which 
has IPX information, as the default router tables. These default router tables, 
as noted previously, are searched depending upon whether the packet is an 
IP packet or an IPX packet. In order to more clearly illustrate the tables, the 
L3 table format for an L3 table within ARLyL3 tables 21 is as follows: 

IP or IPX Address - 32 bits long - IP or IPX Address - Is a 32 bit IP or 

IPX Address. The Destination IP or IPX Address in a packet is used 

as a key in searching this table. 

Mac Address - 48 bits long - Mac Address is really the next Hop Mac 
Address. This Mac address is used as the Destination Mac Address 
in the forwarded IP Packet. 

Port Number - 6 bits long - Port Number - is the port number the 
packet has to go out if the Destination IP Address matches this entry's 
IP Address. 

L3 Interface Num - 5 bits long - L3 Interface Num - This L3 Interface 
Number is used to get the Router Mac Address from the L3 Interface 
Table. 

L3 Hit Bit - 1 bit long - L3 Hit bit - is used to check if there is hit on this 
Entry. The hit bit is set when the Source IP Address search matches 
this entry. The L3 Aging Process ages the entry if this bit is not set. 
Frame Type - 2 bits long - Frame Type indicates type of IPX Frame 
(802.2, Ethernet II, SNAP and 802.3) accepted by this IPX Node. 
Value 00 - Ethernet II Frame. Value 01 - SNAP Frame. Value 02 - 
802.2 Frame. Value 03 - 802.3 Frame. 
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Reserved - 4 bits long - Reserved for future use. 
The fields of the default IP router table are as follows: 

IP Subnet Address - 32 bits long - IP Subnet Address - is a 32 bit IP 
Address of the Subnet. 

Mac Address - 48 bits long - Mac Address is really the next Hop Mac 
Address and in this case is the Mac Address of the defayjt Router. 
Port Number - 6 bits long - Port Number is the port number on which 
the forwarded packet has to go out. 

Module ID - 5 bits long - identifies the module in a stack that the 
packet must go out on after a longest prefix match. 

L3 Interface Num - 5 bits long - L3 Interface Num is L3 Interface 
Number. 

IP Subnet Bits -5 bits long - IP Subnet Bits is total number of Subnet 

Bits in the Subnet Mask. These bits are ANDED with Destination IP 

Address before comparing with Subnet Address. 

C Bit - 1 bit long - C Bit - If this bit is set then send the packet to CPU 

also. 

The fields of the default IPX router table within ARL7L3 tables 21 are as 
follows: 

IPX Subnet Address - 32 bits long - IPX Subnet Address is a 32 bit 
I PX Address of the Subnet. 

Mac Address - 48 bits long - Mac Address is really the next Hop Mac 
Address and in this case is the Mac Address of the default Router. 
Port Number - 6 bits long - Port Number is the port number on which 
the fonvarded packet has to go out. 

Module ID - 5 bits long - identifies the module in a stack that the 
packet must go out on after a longest prefix match. 

L3 Interface Num - 5 bits long - L3 Interface Num is L3 Interface 
Number. 

IPX Subnet Bits - 5 bits long - IPX Subnet Bits is total number of 
Subnet Bits in the Subnet Mask. These bits are ANDED with 
Destination IPX Address before comparing with Subnet Address. 
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C Bit - 1 bit long - C Bit - If this bit is set then send the packet to CPU 
also. 

If a match is not found in the L3 table for the destination IP address, 
longest prefix match in the default IP router fails, then the packet is given to 
the CPU. Similarly, if a match is not found on the L3 table for a destination 
IPX address, and the longest prefix match in the default IPX router fails, then 
the packet is given to the CPU. The lookups are done in parallel, but if the 
destination IP or IPX address is found in the L3 table, then the results of the 
default router table lookup are abandoned. 

The longest prefix cache lookup, whether it be for IP or IPX, includes 
repetitive matching attempts of bits of the IP subnet address. The longest 
prefix match consists of ANDing the destination IP address with the number 
of IP or IPX subnet bits and comparing the result with the IP subnet address. 
Once a longest prefix match is found, as long as the TTL is not equal to one, 
then appropriate IP checksums are recalculated, the destination MAC address 
is replaced with the next hop MAC address, and the source MAC address is 
replaced with the router MAC address of the interface. The VLAN ID is 
obtained from the L3 interface table, and the packet is then sent as either 
tagged or untagged, as appropriate. If the C bit is set, a copy of the packet 
is sent to the CPU as may be necessary for learning or other CPU-related 
functions. 

It should be noted, therefore, that if a packet arrives destined to a MAC 
address associated with a level 3 interface for a selected VLAN, the ingress 
looks for a match at an IP/IPX destination subnet level. If there is no IP/IPX 
destination subnet match, the packet is forwarded to CPU 52 for appropriate 
routing. However, if an IP/IPX match is made, then the MAC address of the 
next hop and the egress port number Is identified and the packet is 
appropriately fonn^arded. 

In other words, the ingress of the EPIC 20 or GPIC 30 is configured 
with respect to ARL/L3 tables 21 so that when a packet enters ingress 
submodule 14, the ingress can identify whether or not the packet is an IP 
packet or an IPX packet. IP packets are directed to an IP/ARL lookup, and 
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IPX configured packets are directed to an IPX/ARL lookup. If an L3 match is 
found during the L3 lookup, then the longest prefix match lookups are 
abandoned. 
IP Multicast 

5 SOC 10 is configured to support IP multicast applications, such as 

multimedia conferencing, realtime video, realtime audio. *€tc. These 
applications are heavily dependent upon point-to-multipoint delivery of 
service. Some IP protocols which had been deployed to support IP multicast 
include DVMRP (distance vector multicast routing protocol). Protocol- 
1 0 Independent Multicast-Dense Mode, Protocol Independent Multicast-Sparse 
Mode, Multicast Extensions to SOSPF, etc. In order to implement such 
configurations, each EPIC, GPIC, and possibly other modules on SOC 1 0 are 
provided with an IP multicast table. The ingress logic 14 and egress logic 16 
are configured to handle IP multicast packets. 
15 Each multicast table may be, for example, 256 entries deep, and 128 

bits wide. The table is sorted, and the search key is the source IP address 
plus multicast IP address. Figure 24 illustrates the format for an IP multicast 
table. The fields for such a table can l>e as follows: 

Source IP Address - 32 bits long - Source IP Address is a 32 bit IP 
20 Address of the Source Station. 

Multicast IP Address - 32 bits long -Multicast IP Address - is a 32 bit 
IP Multicast Address. Note: IP Multicast Address is a Class D 
Address; the first three MSBs are all I's. 

L3 Port Bitmap - 31 bits long - L3 Port Bitmap identifies all the ports 
25 on which the packet should go out. 

L3 Module Bitmap - 32 bits long - L3 Module Bitmap identifies all the 
Modules on which the packet should go out. 

Source Port - 6 bits long - Source Port is the port, which is nearest to 
the Source Station. In other words, the Source Station, identified by 
30 the Source IP address, sends multicast traffic through this port. 

TTL Threshold - 5 bits long - If the incoming Multicast Packet has TTL 
below the TTL Threshold then the packet is dropped. 
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Figure 25 illustrates a flowchart for how ingress 14 of an SOC 20 would 
handle an IP multicast packet coming in to a port thereupon. In step 25-1 . the 
packet is examined to determine whether or not it is an IP multicast packet 
without any option fields. If there are option fields, the packet is sent to CPU 
5 52 for further handling. In step 25-2, the IP checksum is validated. In step 
25-3, the destination IP address is examined to see if it is a class D address. 
A class D address is one where the first three most significant bits are all set 
to 1 . If the destination IP address is not a class D address, then the packet 
is dropped. If so. the IP multicast table is searched at step 25-4 with the key 

10 as the source IP address + the destination IP address. If the entry is not 
found, then the packet is sent to CPU 52. If a match is found at step 25-5, the 
TTL (time-to-live) is checked against the TTL threshold value in the IP 
multicast entry at step 25-6. If the TTL value is less than the threshold value, 
the packet is dropped. If the TTL value is not below the threshold, then the 

15 source port is compared to the source port In the entry at step 25-7. If there 
is not a match, then the packet is dropped. If there is a match, the packet is 
appropriately sent over C channel 81 of CPS channel 80 at step 25-8, with 
appropriate P channel messages locked therewith. The packet is sent with the 
L2 port bitmap and L2 untagged bitmap obtained as a result of the L2 search. 

20 and the L3 port bitmap as a result of the IP multicast search. Additionally, the 
IP multicast bit is set in the P channel message, indicating that the packet is 
an IP multicast packet and that the egress, upon receipt of the packet, must 
modify the IP header appropriately. From CPS channel 80, therefore, the 
packet is sent to the appropriate buffer pool until it is obtained by the 

25 appropriate egress port. 

When the appropriate egress port obtains the packet from memory, if 
the egress port is part of the L3 port bitmap, then the packet must be 
modified. The TTL value must be decremented, and the IP header checksum 
is riecalculated. The source MAC address in the packet must be changed to 

30 be the L3 interface MAC address. If the L3 interface associated with the port 
is tagged, then the VLAN tag header must be replaced with the VLAN Id 
configured for the interface. 
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It Should be noted that If there are multiple L3 interfaces associated 
with a port, then multiple packets need to be sent to that port. The CPU bit in 
the IP multicast entry can be set in this situation, so that the packet is given 
to the CPU along with the port bitmap upon which the packet has already 
been sent. The CPU can then send multiple copies of the packet on the port 
w.th the multiple L3 interfaces. This configuration, therefore, minimizes 
complexity and maximizes speed on SOC 10. but provides the added 
flexibility of CPU involvement when necessary. 

Another important field of the filter mask fom)at is the counter index or 
the counter field. This five bit field is incremented every time there is a match 
with the particular filter mask. The counter data is used for a number of 
different purposes, Including finding packet counts for particular types of 
packets, packet statistics, etc. If a network administrator is seeking for 
example, to monitor a particular rate of a particular packet type or a packet 
frequency, or packets from a particular IP address, the counter can be 
configured to be so Incremented. Thresholds can be set by the network 
administrator such that predetermined action can be taken after a selected 
threshold is exceeded. Such action may include changing the priority of the 
packets, dropping further packets, and other action. 

Notable aspects of the rules table format for SOC 10 are fields of 
action bits which enable priority or precedence to be changed from TOS-to- 
COS. and Vice versa. Refemng to the rules table illustrated in Figure 23 and 
the filter mask fomiat. bits 8 and 9 of the action bits field enable this 
conversion. If bit 8 is set. then the 802.1p priority field Is picked up from the 
TOS precedence field in the IP header. If bit 9 is set. then the value of the 
TOS precedence field is picked up from the 802.1p priority field This 

providesthesignificantadvantageofprovidingvaluable information which can 
be read by both routers and switches. Switches operating at layer 2 will look 
at the 802.1P priority field (Inventors- please confirm), while routers 
operating at layer 3. will look at the TOS precedence field. When a packet 
enters the switch domain from the router domain In a LAN. the precedence 
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can be appropriately moved by SOC 10 from the 802. 1p priority field to the 
TOS precedence field, and vice versa. 
HOL Blocking 

SOC 10 incorporates some unique data i\ow characteristics, In order 
5 maximize efficiency and switching speed. In netv^ork communications, a 
concept known as head-of-line or HOL blocking occurs ^when a port is 
attempting to send a packet to a congested port, and immediately behind that 
packet is another packet which is intended to be sent to an un-congested port. 
The congestion at the destination port of the first packet would result in delay 

10 of the transfer of the second packet to the un-congested port. Each EPIC 20, 
GPIC 30, and IPIC 90 within SOC 10 includes a unique HOL blocking 
mechanism in order to maximize throughput and minimize the negative effects 
that a single congested port would have on traffic going to un-congested 
ports. For example, if a port on a GPIC 30, with a data rate of, for example, 

15 1000 megabits per second is attempting to send data to another port 24a on 
EPIC 20a, port 24a would immediately be congested. Each port on each IPIC 
90, GPIC 30, and EPIC 20 Is programmed by CPU 52 to have a high 
watermark and a low watermark per port per class of service (COS), with 
respect to buffer space within CBP 50. The fact that the head of line blocking 

20 mechanism enables per port per COS head of line blocking prevention 
enables a more efficient data flow than that which is known in the art. When 
the output queue for a particular port hits the preprogrammed high watermark 
within the allocated buffer in CBP 50, MMU 70 sends, on S channel 83, a 
COS queue status notification to the appropriate ingress module of the 

25 appropriate GPIC 30 or EPIC 20. \/Vhen the message is received, the active 
port register corresponding to the COS indicated in the message is updated. 
If the port bit for that particular port is set to zero, then the Ingress is 
configured to drop all packets going to that port. Although the dropped 
packets will have a negative effect on communication to the congested port, 

30 the dropping of the packets destined for congested ports enables packets 
going to un-congested ports to be expeditiously fonA/arded thereto. When the 
output queue goes below the preprogrammed low watermark. MMU 70 sends 
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a COS queue status notification message on the sideband channel with the 
b,t se, for the port. When the ingress gats this message, the bit 
corresponding to the port in the active port register for the module is set so 
«.a. the packet can be sent to the appropriate output queue. By waiting until 
the output queue goes below the low watem,ark before re-acBvating the port 
a hysteresis is buil, into the system to prevent constant activa«on and 
deaofvation of the port based upon the fonvarding of only one packet or a 
small number of packets. It should be noted that every module has an acfcve 
port register. As an example, each COS per port may have four .agisters for 
stonng the high watem,ari< and the low „atem,ari<; these .egisters can store 
data ,n terms of number of cells on the output queue, or In tem,s of number 
Of packets on the output queue. In the case of a unices, message, the packet 
.s merely dropped; in the case of multicast or broadcast messages the 
message is dropped with respect to congested ports, but fo^varded to 
uncongested ports. MMU 70 includes all logic required to implement this 
melanism to prevent HOL blocking, with respect to budgeting of cells and 
packets. MMU 70 includes an HOL blocking marker register to implement the 
mechan,sm based upon cells. If the local cell count plus the global cell count 

T ' rrr" ^gf^er value 

thein MMU 70 sends the HOL status notification message. MMU 70 can also 
implement an early HOL notificaBon, thmugh the use of a bit in the MMU 
configuration register which is referred to as a Use Advanced Warning Bit If 
th,s b,t is set, .he MMU 70 sends me HOL noHflcation message if the local cell 
coun Plus the global cell count plus one hundred twenty-one ,121, is greater 

han the va ue in the HOL blocking mari<er register. 121 is the number Of cells 
rn a jumbo frame. 

MMU 7r*'''7''''°**''''"^^'''*=="=="^^^°''^'«^'^°""''^"°ted that 
MMU 70 implements both a spa.ia, and a temporal hysteresis. When the 
local cell coun. plus global cell coun. value goes below the value in the HOL 
bto*,ng marker register, then a poaching .imer value from an MMU 
configurafon register is used to load into a counter. The counter is 
■decremented every 32 clock cycles. When the coumer caches 0, MMU 70 
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sends the HOL status message with the new port bit map. The bit 
corresponding to the egress port is reset to 0, to indicate that there is no more 
HOL blocking on the egress port. In order to carry on HOL blocking 
prevention based upon packets, a skid mark value is defined In the MMU 
5 configuration register. If the number of transaction queue entries plus the skid 
mark value is greater than the maximum transaction queue size per COS, 
then MMU 70 sends the COS queue status message on the S channel. Once 
the ingress port receives this message, the ingress port will stop sending 
packets for this particular port and COS combination. Depending upon the 

10 configuration and the packet length received for the egress port, either the 
head of line blocking for the cell high watemnark or the head of line blocking 
for the packet high watermark may be reached first. This configuration, 
therefore, works to prevent either a small series of very large packets or a 
large series of very small packets from creating HOL blocking problems. 

"•5 The low watermark discussed previously with respect to GBP 

admission logic is for the purpose of ensuring that, independent of traffic 
conditions, each port will have appropriate buffer space allocated in the CBP 
to prevent port starvation, and ensure that each port will be able to 
communicate with every other port to the extent that the network can support 

20 such communication. 

Referring again to MMU 70, CBM 71 is configured to maximize 
availability of address pointers associated with incoming packets from a free 
address pool. CBM 71 , as noted previously, stores the first cell pointer until 
incoming packet 1 12 is received and assembled either in CBP 50, or GBP 60. 

25 If the purge flag of the con-esponding P channel message Is set, CBM 71 
purges the incoming data packet 112, and therefore makes the address 
pointers GPID/CPID associated with the incoming packet to be available. 
When the purge flag is set, therefore, CBM 71 essentially flushes or purges 
the packet from processing of SOC 10, thereby preventing subsequent 

30 communication with the associated egress manager 76 associated with the 
purged packet. CBM 71 is also configured to communicate with egress 
managers 76 to delete aged and congested packets. Aged and congested 
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packets are directed to CBM 71 based upon the associated starting address 
pointer, and the reclaim unit within CBM 71 frees the pointers associated with 
*e packets to be deleted; this Is, essentially, accomplished by modifying the 
free address pool to reflect this change. The memory budge, value is 
updated by decrementing the current value of the associated memory by the 
number of data cells which are purged. 

To summarize, resolved packets are placed on C channel 81 by 
ingress submodule 14 as discussed with respect ,o Figure 8. CBM 7' 

addressed to an egress port. CBM 71 assigns cell pointers, and manages the 
linked l,s.. A plurality Of concurrent reassembly engines are provided with 
one reassembly engine for each egress manager 76, and tracks the frame 
status^Once a plurality of cells representing a packet is fully written into CBP 
50, CBM 71 sends ou, CPIDs to the respecBve egress managers, as 
discussed above. The CPIDs polm to «,e firs, cell of the packet in tt,e CBP 
packet flow is then conWIed by egress managers 75 to transaction MACs 
140 once the CPID/GPID assignmem is completed by CBM 71. The budget 
register (no, shown) of the respective egress manager 76 is appropriately 
decremented by the number of cells associaled wi,h ,he egress, a^er ,he 
complete packet is written into the CBP 50. EGM 76 writes the appropriate 

COSs), then the egress manager 76 writes the PlDs into tt» selected 
^ansaction FIFO corresponding to the selected COS. As will be discussed 
b^ow With respect ,0 Figure 13, each egress manager 76 has Ite own 
scheduler interfacing to the transaction pool or transaction FIFO on one side 
and the packet pool or packet FIFO on the other side. T1,e fransaction FIFO 
"Kludes all PlDs, and the packet pool or packet FIFO Includes only CPIDs 
The^acke. FlFOinterfacestothetransaction FIFO, and inttiates transmission 
s^^T." t^nsmission MAC. Once transmission is 

FrP^^uesr^"'™"'"'''"""^^""^"'"^'^^^^"^-'--^^ 
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As noted previously, there is one egress manager for each port of 
every EPIC 20 and GPIC 30, and Is associated with egress sub-module 18. 
It should be noted that IPIC 90 manages egress in a different manner than 
EPICs 20 and GPICs 30, since IPIC 90 fetches packets from NBP 92. 
5 Figure 13 illustrates a block diagram of an egress manager 76 

communicating with R channel 77. For each data packet 1 12 received by an 
ingress submodule 14 of an EPIC 20 of SOC 10. CBM 71 assigns a Pointer 
Identification (PID); if the packet 112 is admitted to CBP 50, the CBM 71 
assigns a CPID, and if the packet 1 12 is admitted to GBP 60, the CBM 71 

10 assigns a GPID number. At this time, CBM 71 notifies the corresponding 
egress manager 76 which will handle the packet 112, and passes the PID to 
the corresponding egress manager 76 through R channel 77. In the case of 
a unicast packet, only one egress manager 76 would receive the PID. 
However, if the incoming packet were a multicast or broadcast packet, each 

15 egress manager 76 to which the packet is directed will receive the PID. For 
this reason, a multicast or broadcast packet needs only to be stored once in 
the appropriate memory, be it either CBP 50 or GBP 60. 

Each egress manager 76 includes an R channel interface unit (RCIF) 
131, a transaction FIFO 132, a COS manager 133, a scheduler 134, an 

20 accelerated packet flush unit (APF) 135, a memory read unit (MRU) 136, a 
time stamp check unit (TCU) 137, and an untag unit 138. MRU 136 
communicates with CBP Memory Controller (CMC) 79, which is connected to 
CBP 50. Scheduler 134 is connected to a packet FIFO 139. RCIF 131 
handles all messages between CBM 71 and egress manager 76. When a 

25 packet 112 is received and stored in SOC 10, CBM 71 passes the packet 
information to RCIF 131 of the associated egress manager 76. The packet 
information will include an indication of whether or not the packet is stored in 
CBP 50 or GBP 70. the size of the packet, and the PID. RCIF 131 then 
passes the received packet information to transaction FIF0 132. Transaction 

30 FIFO 132 is a fixed depth FIFO with eight COS priority queues, and is 
arranged as a matrix with a number of rows and columns. Each column of 
transaction FIFO 132 represents a class of service (COS), and the total 
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order ,o prov,da policy .asad quali^ of service (QOS,, based upon Ethell 

s andards As data packets arrive in one or n,ore o, ,he COS pnlity 

Of transaction FIFO 132 schediii*:»r 1-5.1 ^ . queues 

oneo„.ep.or«v,ueues::e:C^^^^^^^^^^ 

pointer is based upon a queue schedu T =«'«=''°".?'«he packet 

a user through Z, , T "=^^''"""9 «lg°«hm, which is programmed by 
a user through CPU 52, within COS manager 133. An example of a COS 

packet 1 12 Of v,deo .nforma.on may therefore be passed to packet FIFO 139 
ahe d Of a pacKe, associated with a text document. The COS manag™ 33 
would therefore direct scheduler 134 to , =>™"a9er133 

wim the packet o, video data. ^ '^'^ ^^^'^ 

The COS manager 1 33 can also be programmed using a strict orioritv 

selecting the next packet pointer in transaction FIFO i 9 i i*t • 
Pr^n^ ^ased scheduling method, each of the eig^S ^^^^^ 
provKled w,th a prlonty with respect to each other COS queue C Ztt" 
-..g^thehighestprlor^yCOSqueueareextractedfromtransTlTn" 

sie:;rs"::::: ;*o; '-'■r^ - -'-'"^ "^-^ 

P~9~b,ebandwidrA«ra3sirnI?th'""' ' = 
queue each ro<: . ^ ^ ""''"^ P"°*>' «" COS 

progrrmlJ^onTrhrhir ^ -'"^ 

bandwidth value COS m '"""^ """" """"^^ 

based upon an" oTc ' '"^ ""•''"'"S "-'--^^ 

one prioTy que e ;T"r ^"^ 
Will be achieveTbvrr? a maximum bandwidth 

^ Providedrrr m ^ queues 

a,.o,fthm:orzr:::r""'=°'™^^^^^^ 

modified based upon a user's specific needs. For example, 
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COS manager 1 33 can consider a maximum packet delay value which must 
be met by a transaction FIFO queue. In other words. COS manager 1 33 can 
require that a packet 112 is not delayed in transmission by the maximum 
packet delay value; this ensures that the data flow of high speed data such 
as audio, video, and other real time data is continuously and smoothly 
transmitted. 

If the requested packet is located in CBP 50. the CPID is passed from 
transaction FIFO 132 to packet FIFO 139. If the requested packet is located 
in GBP 60. the scheduler initiates a fetch of the packet from GBP 60 to CBP 
50; packet FIFO 139 only utilizes valid CPID infonnation. and does not utilize 
GPID information. The packet FIFO 1 39 only communicates with the CBP 
and not the GBP. When the egress seeks to retrieve a packet, the packet can 
only be retrieved from the CBP; for this reason, if the requested packet is 
located in the GBP 50, the scheduler fetches the packet so that the egress 
can properly retrieve the packet from the CBP. 

APF 135 monitors the status of packet FIFO 139. After packet FIFO 
139 is full for a specified time period. APF 135 flushes out the packet FIFO. 
The CBM reclaim unit is provided with the packet pointers stored in packet 
FIFO 139 by APF 135, and the reclaim unit is instructed by APF 135 to 
release the packet pointers as part of the free address pool. APF 135 also 
disables the ingress port 21 associated with the egress manager 76. 

While packet FIFO 139 receives the packet pointers from scheduler 
134, MRU 1 36 extracts the packet pointers for dispatch to the proper egress 
port. After MRU 136 receives the packet pointer, it passes the packet pointer 
Information to CMC 79, which retrieves each data cell from CBP 50. MRU 
136 passes the first data cell 112a, incorporating cell header information, to 
TCU 137 and untag unit 138. TCU 137 determines whether the packet has 
aged by comparing the time stamps stored within data cell 112a and the 
current time. If the storage time is greater than a programmable discard time, 
then packet 112 is discarded as an aged packet. Additionally, if there is a 
pending request to untag the data cell 112a, untag unit 138 will remove the 
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tag header prior to dispatching the packet. Tag headers are defined in IEEE 
Standard 802. 1q. 

Egress manager 76, through MRU 136, interfaces with transmission 
FIFO 140, which is a transmission FIFO for an appropriate media access 
5 controller (MAC); media access controllers are known in the Ethernet art. 
MRU 136 prefetches the data packet 1 12 from the appropriate memory, and 
sends the packet to transmission FIFO 140. flagging the beginning and the 
ending of the packet. If necessary, transmission FIF0 140 will pad the packet 
so that the packet is 64 bytes in length. 
1 0 As shown in Figure 9, packet 1 1 2 is sliced or segmented into a plurality 

of 64 byte data cells for handling within SOC 10. The segmentation of 
packets into cells simplifies handling thereof, and improves granularity, as well 
as making it simpler to adapt SOC 10 to cell-based protocols such as ATM. 
However, before the cells are transmitted out of SOC 10, they must be 
15 reassembled into packet format for proper communication in accordance with 
the appropriate communication protocol. A cell reassembly engine (not 
shown) is incorporated within each egress of SOC 10 to reassemble the 
sliced ceils 112a and 112b into an appropriately processed and massaged 
packet for further communication. 

Figure 16 is a block diagram showing some of the elements of CPU 
interface or CMIC 40. In a preferred embodiment, CMIC 40 provides a 32 bit 
66 MHZ PCI interface, as well as an I2C interface between SOC 10 and 
external CPU 52. PCI communication is controlled by PCI core 41 , and I2C 
communication is performed by I2C core 42, through CMIC bus 167. As 
shown in the figure, many CMIC 40.elements communicate with each other 
through CMIC bus 167. The PCI interface is typically used for configuration 
and programming of SOC 10 elements such as rules tables, filter masks, 
packet handling, etc., as well as moving data to and from the CPU or other 
PCI uplink. The PCI interface is suitable for high end systems wherein CPU 
52 is a powerful CPU and running a sufficient protocol stack as required to 
support layer two and layer three switching functions. The I2C interface Is 
suitable for low end systems, where CPU 52 is primarily used for initialization. 
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Low end systems would seldom change the configuration of SOC 10 after the 
switch is up and running. 

CPU 52 is treated by SOC 10 as any other port. Therefore. CMIC 40 
must provide necessary port functions much like other port functions defined 
5 above. CMIC 40 supports all S channel commands and messages, thereby 
enabling CPU 52 to access the entire packet memory and -cjegister set; this 
also enables CPU 52 to issue insert and delete entries into ARI_/L3 tables, 
issue initialize CFAP/SFAP commands, readAvrite memory commands and 
ACKs, read/write register command and ACKs, etc. Intemal to SOC 10, 

10 CMIC 40 interfaces to C channel 81 , P channel 82, and S channel 83, and is 
capable of acting as an S channel master as well as S channel slave. To this 
end. CPU 52 must read or write 32-bit D words. For ARL table insertion and 
deletion, CMIC 40 supports buffering of four insert/delete messages which 
can be polled or interrupt driven. ARL messages can also be placed directly 

15 into CPU memory through a DMA access using an ARL DMA controller 161. 
DMA controller 161 can interrupt CPU 52 after transfer of any ARL message, 
or when all the requested ARL packets have been placed into CPU memory. 

Communication between CMIC 40 and C channel 81/P channel 82 Is 
performed through the use of CP-channel buffers 162 for buffering C and P 

20 channel messages, and CP bus interface 163. S channel ARL message 
buffers 164 and S channel bus interface 165 enable communication with S 
channel 83. As noted previously, PIO (Programmed Input/Output) registers 
are used, as illustrated by SCH PIO registers 166 and PIO registers 168, to 
access the S channel, as well as to program other control, status, address, 

25 and data registers. PIO registers 168 communicate with CMIC bus 167 
through I2C slave interface 42a and I2C master interface 42b. DMA controller 
161 enables chaining, in memory, thereby allowing CPU 52 to transfer 
multiple packets of data without continuous CPU intervention. Each DMA 
channel can therefore be programmed to perform a read or write DMA 

30 operation. Specific descriptor formats may be selected as appropriate to 
execute a desired DMA function according to application rules. For receiving 
cells from MMU 70 for transfer to memory, if appropriate, CMIC 40 acts as an 
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egress port, and follows egress protocol as discussed previously. For 
transferring cells to MMU 70. CMiC 40 acts as an ingress port, and follows 
ingress protocol as discussed previously. CMIC 40 checks for active ports, 
COS queue availability and other ingress functions, as well as supporting the 
5 HOL blocking mechanism discussed above. CMIC 40 supports single and 
burst PIO operations; however, burst should be limited to S channel buffers 
and ARL insert/delete message buffers. Referring once again to I2C slave 
interface 42a. the CMIC 40 is configured to have an I2C slave address so that 
an external I2C master can access registers of CMIC 40. CMIC 40 can 
1 0 Inversely operate as an I2C master, and therefore, access other I2C slaves. 
It should be noted that CMIC 40 can also support MUM through MUM interface 
169. MUM support is defined by IEEE Standard 802.3u, and will not be 
further discussed herein. Similarly, other operational aspects of CMIC 40 are 
outside of the scope of this invention. 
'•5 A unique and advantageous aspect of SOC 10 is the ability of doing 

concurrent lookups with respect to layer two (ARL), layer three, and filtering. 
When an incoming packet comes in to an ingress submodule 14 of either an 
EPIC 20 or a GPIC 30. as discussed previously, the module is capable of 
concurrently performing an address lookup to determine if the destination 
20 address is within a same VLAN as a source address; if the VI_AN IDs are the 
same, layer 2 or ARL lookup should be sufficient to property switch the packet 
in a store and fonvard configuration. If the VLAN IDs are different, then layer 
three switching must occur based upon appropriate identification of the 
destination address, and switching to an appropriate port to get to the VLAN 
of the destination address. Layer three switching, therefore, must be 
perfomned in order to cross VLAN boundaries. Once SOC 1 0 determines that 
L3 switching is necessary, SOC 10 identifies the MAC address of a 
destination router, based upon the L3 lookup. L3 lookup is determined based 
upon a reading in the beginning portion of the packet of whether or not the L3 
bit is set. If the L3 bit is set, then L3 lookup will be necessary in order to 
identify appropriate routing instructions. If the lookup is unsuccessful, a 
request is sent to CPU 52 and CPU 52 takes appropriate steps to identify 
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appropriate routing for the packet. Once the CPU has obtained the 
appropriate routing information, the information is stored in the L3 lookup 
table, and for the next packet, the lookup will be successful and the packet will 
be switched in the store and forward configuration. 
5 Interconnectability 

IPIC 90 of SOC 10 provides significant functionality^.with respect to 
Interconnectability. In particular, IPIC 90 enables a significant amount of 
flexibility and performance regarding stacking of a plurality of SOC 10 chips. 
Using the high performance interface discussed previously, two SOC 1 0 chips 

10 or switch modules can be connected through their respective IPIC 90 
modules. Such a configuration would enable the SOC switch modules to also 
commonly connect their CMIC 40 modules to a common CPU 52. In such a 
configuration where each SOC 10 includes three EPIC 20 modules each 
having eight fast Ethernet ports and two GPIC modules each having one 

1 5 gigabit Ethernet port, the resulting configuration would have 48 fast Ethernet 
ports (24 ports per SOC 1 0) and four gigabit Ethernet ports. Figure 26 
Illustrates such a configuration, wherein CPU 52 is commonly connected to 
CMIC 40(1) and CMIC 40(2), of SOC 10(1), and SOC 10(2), respectively. 
IPIC 90(1) and IPIC 90(2) are interconnected through high performance 

20 Interface 261 . The fast Ethernet and gigabit ports are collectively shown as 
ports 24(1) and 24(2), respectively. 

Other stacking configurations include what is referred to as a ring 
configuration, wherein a plurality of SOC 10 chips are connected to a ring 
through an I CM (interconnect module) interface. Yet a third stacking 

25 connection is a plurality of SOC 1 0 chips or switches being connected through 
an ICM to a crossbar switch, in such a way that the crossbar switch 
interconnects the plurality of SOC 10 switches. These additional two stacking 
configurations are illustrated in Figures 27A and 27B. respectively. Figure 
27A illustrates SOC 1 0(1 ) connected to ring R through ICM 271 (1 ), as well as 

30 SOC 10(2) being connected to ring R through ICM 271(2). This configuration 
enables a plurality of SOC 1 0 switches to be stacked. In one embodiment, 
as many as 32 SOC 10 switches could be attached to ring R. Figure 27B 
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illustrates a crossbar configuration, wherein SOC 10(1) and 10(2) are 
connected to crossbar C through (CM 271(1) and 271(2), respectively. This 
configuration, like that of Figure 27A, enables a significant number of SOC 
switches to be stacked. The crossbar C is a known device which acts as a 
matrix or grid which is capable of interconnecting a plurality of ports through 
activation of an appropriate matrix connection. 

As illustrated in Figures 1 and 2, IPIC 90 of each SOC 10 interfaces on 
one side to CPS channel 80, and on the other side to the high performance 
Interconnect link 261 . Packets coming In to IPIC 90 which are destined for 
other ports on SOC 10 are handled essentially as packets coming in to any 
other port on SOC 10. However, due to the existence of the module header 
for stacked communications. IPIC 90 includes a shallow memory to store the 
incoming packet. The module header is stripped on the ingress; the module 
header, as noted previously, is appended to the packet by the source module. 
IPIC 90 then performs address resolution. Address resolution is different for 
packets coming into IPIC 90 than for packets coming into EPICs 20 or GPICs 
30, and will be discussed below. After address resolution, the destination or 
egress ports are determined, and the port bitmap is constructed. The packet 
is then sliced into cells, and the cells are sent to MMU 70 over CPS channel 
80. The cell data is sent over C channel 81 , and the appropriate messages, 
Including the module header, is sent over P channel 82. 

For the case where cells come in to other ports on SOC 10 and are 
destined for the high performance interface 261 , the cells are placed on CPS 
channel 80 from the appropriate Ingress port, where they are then received 
by IPIC 90. The cells are interleaved back into packets in NBP 92, and are 
not, therefore, handled by MMU 70. The NBP, as noted previously, is on-chip 
memory, which Is dedicated for use only by the IPIC 90. The NBP can be 
separately segregated memory, or reserved memory space within CBP 50. 
The module header information, appended to the packet by the source, is 
received by IPIC 90 from the P channel. The module header includes the 
module ID bitmap, COS. mirrored-to port/switch infomiation. trunk group ID, 
etc. The constructed packet is then sent onto the high performance interface 
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261. „ Should be noted that interface 261 typically being sou.ht to b« 
accessed by two devir*»<s p«.« . ^ «'"g sought to be 

''?°''""'°"*'"-°"'"'"«»»"""™»»«.nlPICJO I. 
Sir" " ""■"■•"-"""■"■"="•*«• 

M ^71 . the IPIC can no longer receive packets, for example if the CBP 
50 and GBP 60 are ft.,,, then the ,PIC wiil assert the pa.se J;. ;!'"' 
a pause s.gna, to the ICM. As soon as it is appropHate ,o resume ^1 
e*,er direCon. me signal is de-asserted to resume traffic flow I, shou^lT 

rnern:r:;rrr~*°--"'-^^^ 

. men the HOL blocking prevention mechanism discussed 
previously will be activated. aiscussed 

"^'^'•""9 «9^""° the function of arbiter 93, arbMer 93 controls the 

bandw, then high perfom,anceinte,,ace261. Usingacon«gu.trr s e; 
P onty for packet handling can be switched ^ the IPIC 90 to the ICM 2 T 

and v,ce versa, after predetem.ined periods. ,n situations where ther^i „c 
CPU wh : ""^ " wi'" ""C 90(2), then a ^st^ 

93 and flow control logic 94. "nie master CPU would be one CPU 52 of a 
P-ura.^ Of CPUs 52 associated with a plurality of SOC switches 10 

It Should also be noted that NBP manager 95 controls memory 
managemen, for NBP 92. NBP manager 95. therefore, pe,fom,s many 
funcons Which are spe^flc to IPIC 90, but Which are Similar to thric::: 
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to <?OC 1 0 Some notable differences exist, however, 
ofMMU70w.threspecttoSOC10.Som 2 is treated as one 

in that there is no CBP/GBP admission logic, smce NBP 92 

memory buffer pool. perfomiance interface 

Packets which are arriving at IPIC 90 trom nig h . ^^^^ is 

C B« I on. lui a Control 
is a control frame or a data frame. This bit is set to 

Frame and is set to 0 for data frame. 

vre<.O.iden««es*atmepaoKe.isaunicastPacKetand.he Egress 

Po "s uniquely identWed by Modute .d Bim,ap (on^ one b w, be se 
rnTHirfJ)andtHeEgressPortNun,be,.Va.ue01-iden«est.«^^^^^^ 

PacKet is a Broadcast or Destination Lookup Failure (DLF) and .s 
'I « Id .0 Multiple ports on the same Module or muKipie ports on 
d«eremModules The Egress port is not a va.k.«eld in this scenano. 
v!l 2 identmes .i,at the PacKe. is a Multicast Packet and « 
aill to multiple ports. Value 03 - identHies that the PacKet .s a 
IP Multicast Packet and is addressed to Multiple Ports, 
20 IP Multicast ra ^^^^ 

T6ID - 3 bits tong - TGID Bits lui , .,t ha te set 

Identitier of the Sour^ Port This field is val.d only .f T bU • set. 
T.1 bltiong-TBtt-«thisbitisset«,enTGID,savai,dfield. 

MT ModuJld BUmap - 5 bits long - MT Module id is "M.rrored^To 
Luield. Thisfiekiisusedtosendthepackettoa-rn^ored-o PO^ 
Ich is .ocatedonaremoteModuie.Thisfeid-,s valid only ..Mbifs 

MBH-lbitiong-MBit-i. this bitiss^thenMT Module id isavaiid 

ten - 14 bus long - Oata Len «es the data .ngth oT the 
S'sb-.ts.ong.CoSBIts-.dentir.stheCoSPriorKyforthisFrame. 



T- 

25 
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CRM - 1 bit long -Cos Re-Map Bit - This bit is used to re-map the CoS 

based on the Source Module Id + Source Port Number. This feature 

is useful for the Modules that does not have CoS Mapping Capability. 

Module id Bitmap - 32 bits long - Module Id Bitmap - bitmap of all the 

modules, which are supposed to receive the Packet. 

Egress Port - 6 bits long - Egress Port - is the Port-Number on the 

remote Module, which is suppose to receive this packet. 

New IP checksum - 16 bits long - New IP Checksum - This is mainly 

used for the IP Multicast Switched Traffic. 

PFM - 2 bits long -Port Filtering Mode Bits - These are the port Filtering 
Mode for the Source Port. 

Source Port - 6 bits long - Source Port is the Source Port Number of 
the Packet. 

ORG Bits - 2 bits long - CRC bits - These are the same CRC bits from 
P channel message that are copied in here. Value 0x01 - is append 
CRC bit. If it is set then the egress port should append the CRC to the 
packet. Value 0x02 - is Regenerate CRC bit. If this bit is set then the 
egress port should regenerate CRC. Value 0x00 - no change in CRC. 
Value 0x03 - unused. 

Source Mod Id - 5 bits long - Source Mod Id - is the Source Module Id 
of the Packet. 

Data - N bit long - Data Bytes - The data bytes may contain the CRC. 
One has to examine the CRC bits to find out if data contains CRC. If 
CRC bits is set to append CRC then data does not contain CRC bytes. 
If CRC bits is set to regenerate CRC then data contains CRC bytes but 
it's not a valid CRC. If CRC value is 00 then data contains CRC and 
is a valid CRC. 

CRC Of (Module Header -•■ Data) - 4 bits long - CRC value including 
the data and the Module Header. 

In order for IPIC 90 to properly perform address resolution, numerous 
tables must be included within tables 91. These tables include an 802. 1q 
VLAN table, a multicast table, an IP multicast table, a trunk group bitmap 
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table, a priority to COS queue mapping table, and a port to COS mapping 
table. The ARL logic for IPIC 90 differs from the previously-discussed 
EPIC/GPIC address resolution logic for numerous reasons. First of all, the 
packet starts after the 16 bytes of module header; the module header 
contains information regarding whether the packet is a control frame or a data 
frame. Control frames are always sent to the CPU after the aiodule header 
is stripped. The module header contains the trunk group identifier 
infomnation, the mirrored-to port information, egress port infonnation, etc. Any 
time the C bit Is set in the module header, the packet is sent to the CPU. The 
T bit and the TGID bits are provided in the module header in order to support 
trunking across the modules. Mirroring is controlled by the MT module ID 
bitmap and the M bit. The CRM, or COS-Re-map bit, enables re-mapping of 
the COS based upon the source module ID and the source port number. This 
remapping can become necessary in situations where switches are supplied 
from different vendors. 

Referring to Figure 29. address resolution for a packet coming in to 
IPIC 90 from high performance interface 271 is as follows: 

The packet coming in to IPIC 90 from interface 261 is stored in shallow 
buffer 96, where the IPIC ARL logic 97 determines whether GBP 60 is full at 
step 29-1 . If so, the packet is dropped at step 29-2. If not, logic 97 determines 
at step 29-3 if the M bit is set in the module header, and also checks to see 
if the module ID for the "min-ored-to" module is equal to the present module 
ID. If so, the mirrored-to port is obtained from the port mirroring register for 
SOC 1 0, and a bit is set in the port bitmap which corresponds to the mirrored- 
to port, and the packet is sent to the mirrored-to port at step 29-4. If the 
answer is NO regarding the M bit, and after the sending of the packet to the 
min-ored-to port, ARL logic 97 then checks to see if the C bit is set at step 29- 
5. If so. the packet is sent to the CPU at step 29-6. The CPU bit in the port 
bitmap is set so as to ensure the packet is sent to the CPU. If the C bit is not 
set, or after the packet has been appropriately sent to the CPU. ARL logic 97 
then determines whether or not the packet is a unicast packet at step 29-7. 
If so, the packet is appropriately placed on CPS channel 80 with the bit 
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corresponcng ,o ,he egress por, appropriately set in ,hs port bftmap. „ ,he 

the TGID. If .he CRM bi. is se,. then .he por...o.C.OS mapping .able is 

searched .oge.tt,eappropria,eCOS queue, omer^ise, the COS is Picked up 
from .he module header. This sending s.ep occurs at step 29-8 I, i, is 

d^ermined .ha. «,e packet is not a unices, packet, then a'f step 29-9 IPIC 

ARL logic 97 de.en«ines whether the packet is a multicast packet This 

detem.,nationismade,asmentionedpreviously,byexaminingthedestina.ion 
address to see if i, is a class D address. Class D classification is one wherein 
the first *,ee MSBs of .he muLicas, IP address are se. to one If L 
determined that I, is in fact an IP multicast packet, then two separate and 
concurren. processes are perfonmed. A. s.ep 29-10, a search is perfonned 
of the IP mumcast table, with the source IP address and «» destinaSon IP 
address as the search key. If «,ere is a match or a hit, then the TTL in the IP 
header ,s compared to the TTL mreshold a. step 29-11. „tt,e TTL is below 
the .hreshold, «,e packet is sen. to .he CPU. If the TTL is not below the TTL 
threshold, .hen me L3 port bitaap is oblained, and it is detemiined whether 

.".r^t?°''''""''''"'""'"'*'°'*"^'=''''^''°'''^9'''-~--P°nding 
totheCOSformepacket The new IP checksum from the module header is 
sen. on the P-channel, and the packet is sent on the Cchannel. This process 
.s ..lustrated as L3 switching step 29-1 3. If the search of step 29-10 does not 
Insult .n a m. then the packet is sent to the CPU at step 29-12, and bi. 8 o, 
the CPU opcodes are set. 

The second process which is pe,fom»d upon detemiinafon of whettter 
or not the packet is a muldcast packet involves layer 2 switahing. SOC 10 
therefore, enables hybrid multicast t^atment That is, fterefore, me same 
packet can be switched a. layer 2 and layer 3. A. step 29-14, after step 29-9 
detem„nes «,at the packet is a mulBcas. packet, meiefore, ARL logic 97 

examines the PFM (port filtering mode)bits of the module header. If the PFM 
« set ,o zero. tt,en the packet is forwarded to all ports. The port bitmap is 
oWarned from «,e port VIAN table, appropriate exclusion of the IPlC port is 
made, the trunk port is appropriately identified, the COS is picked up. and the 
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packetisappropriatelyforwardedatstep 29-15. If the PFM is not set to zero, 
then the multicast table is searched at step 29-16 using the destination key, 
which is formed of the destination address and the VLAN ID. If there is no h.t. 
then logic 97 once again examines the PFM at step 29-17 for the ingress port. 
5 If the PFM is set to 2. the packet is dropped. If the PFM is not set to 2. the 
port bitmap is obtained from the VLAN table at step 29-19. and the packet .s 
forwarded at step 29-20. If the destination search of step 29-16 is a hit. the 
port bitmap is obtained from the multicast table at step 29-1 8. and the packet 
is forwarded at step 29-20. In step 29-20. appropriate port registers are set 
10 based upon T bit. COS. mirroring, etc., and the packet is fonvarded to the 
appropriate destinations. This configuration, as mentioned previously, 
enables unique hybrid multicast handling, such that a multicast packet can be 
appropriately switched at layer 2 and/or layer 3. 

Referring once again to Figure 28. access to NBP 92 is controlled by 
15 NBP manager 95. Once again, packets coming in to IPIC 90 on high 
perfomiance interface 261 are first stored in shallow buffer 96. which can be. 
for example. 3 cells deep. The module header, which is 16 bytes long, and 
a predetermined number of packeted cells (such as 14 bytes), come .n. and 
the address resolution discussed above is performed by ARL logic 97. The 
20 VLAN table, multicast table, and IP multicast tables which fom. tables 91 are 
used for the various lookups. No ARL tables are provided because the 
module header provides information regarding unicast. multicast, etc.. through 
the remote port number. The remote port number is the module ID plus the 
destination port number. Since the destination port number is available, an 
25 ARL table as utilized in EPlCs 20 and GPlCs 30 is unnecessary. The PFM 
bits of the module header are defined according to the 802.1p standard, and 
enable address resolution for multicast as discussed above. Therefore, 
packets coming in on interface 261 are placed in the shallow buffer for 
address resolution. After address resolution, the packet is placed on CPS 
30 channel 80. where it is sent to MMU 70 for appropriate memory arbitration 
and storage prior to being picked up by the appropriate egress. Packets 
coming in destined for IPIC 90 from EPICs 20 and GPICs 30 are sent directly 
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on CPS channel 80 into NBP 92. Through the use of NBP manager 95. IPIC 
90 sends appropriate S channel messages regarding the operation of NBP 
92, and IPIC 90 in general. Such S channel messages may include NBP full, 
GBP full, HOL notification, COS notification, etc. NBP manager 95, therefore, 
5 manages the FAP (free address pointer pool) for the NBP. handles cell 
transfer for the NBP. assigns cell pointers to the incoming cells, assembles 
cells into packets, writing of packet pointers into packet fifo 98, and monitors 
the activities of scheduler 99. Scheduler 99 works in conjunction with NBP 
92, packet fifo 98. and arbiter 93 in order to schedule the next packet for 

10 transmission on high performance interface 261. Scheduler 99 evaluates 
COS queues in packet fifo 98, and if packets exist in the packet fifo, then the 
packet Is picked up for transmission on high performance interface 261. 
Transmission is controlled by the status of the grant signal with respect to the 
ICM. as controlled by arbiter 93. As shown in Figure 28. scheduler 93 must 

15 appropriately handle eight COS queues in packet fifo 98. Appropriate COS 
management determines which will be the next packet picked up from the 
priority queues. COS management is perfomied by a COS manager (not 
shown) which is a part of scheduler 99. Scheduler 99, therefore, can be 
programmed to enable different types of queue scheduling algorithms, as 

20 necessary. Two examples of scheduling algorithms which can be used are 
1) strict priority based scheduling, and 2) weighted priority based scheduling. 
Both of these algorithms and associated registers can be programmed as 
appropriate. 

When scheduler 99 picks up a packet for transmission, the packet 
25 pointer is obtained from packet fifo 98, and the first cell of the packet is 
pointed to by the packet pointer. The cell header contains all of the required 
information, and the module header is a valid field therein. The data to be 
transmitted is available from the 16th byte, and the module header field is not 
considered a valid field. Appropriate linking of the cells is ensured to make 
30 sure that complete packets are reassembled and sent on high performance 
interface 261 . 
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The above-discussed configuration of the Invention Is, in a preferred 
embodiment, embodied on a semiconductor substrate, such as silicon, with 
appropriate semiconductor manufacturing techniques and based upon a 
circuit layout which would, based upon the embodiments dfscussed above, be 
apparent to those skilled in the art. A person of skill in the art with respect to 
semiconductor design and manufacturing would be able to yriplement the 
various modules, interfaces, and tables, buffers, etc. of the present Invention 
onto a single semiconductor substrate, based upon the architectural 
description discussed above. It would also be within the scope of the 
invention to implement the disclosed elements of the Invention in discrete 
electronic components, thereby taking advantage of the functional aspects of 
the invention without maximizing the advantages through the use of a single 
semiconductor substrate. 

Although the invention has been described based upon these preferred 
embodiments, it would be apparent to those of skilled in the art that certain 
modifications, variations, and alternative constructions would be apparent, 
while remaining within the spirit and scope of the invention. In order to 
detemnine the metes and bounds of the invention, therefore, reference should 
be made to the appended claims. 
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CLAIMS: 

1. A network switch for swftching packets from a source to a 
desftnauor,, said network switch comprising- 

a source port for receiving an incoming packet from a source- 

a destina«on port which contains a path to a destination for the packet- 

.^""-""'"orconstructingandappiyingafiitertoseJectedfieronhe 
n^on.ngpacket.sak.«,terun«comp.singMering,og.^ 

2. A network switch as recited in daiml. Wherein the filterinalooic 
■s configured to perfon. a binary search of the ruies table i X .1 
detemiine matches on a field*y.field basis. 

3 A network switch as recited in claim 2, wherein said network 

bXr^p^r'tr^""^^""'"™^^^ 

oy a remote CPU through the CPU interface. 

en J' . "^""^ ^ ^'^^ "h^-^'n the filtering unit 

cati be configured to modify inoomino oackets M .h=„ ■ . 

fiekJ therein. """9 P^*^'* 'o change a pnonty handling . 

th» m ' ^ '^^^ ""-erein the rules table 

- ^ -9'e 

6 '^"*'^**"«'*asrecitedindaim1,whereinsaidfilterinQloaic 
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7 A net«ori< switch as recited in claim 6. wi,erein said 

-~"irrr::::i^anet.^^ 

comprising the steps of : 

--Z:^:^^^- «.pa.ettoc.atea 
™" Tncatena«ng .He «er vaiue witi, at .east one predetermined paCet 
*°3^r:::e:ie ^ ^ sear. Kev to determine . a mate. 
^''■'^"•;"Lin.ac«onasspecHied.v«^eru,esta..et>asedaponamatci. 

°' r S, ^.rein ac«on is pe^omted 

r TmC ar:::::^-- a.on is pe^rmed 

•,nc.udes modi^ing an iP Header in the pa^Ket^ 

19 A method as recited in ciaim « i, w 

inciudes directing the packet to a priority COS queue. 

14 A method as recited in claim 8. wherein perfomimg act,on 
.oiudJs a step of sending the packet to a remote CPU for further packet 

'""'t. A method as »cited in Cairn 8. wherein performing actton 
includes dropping the packet. 
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16. A method as recited in claim 8. wherein performing action 
includes directing the packet to a mirroring port in addition to a destination 
port. 

17. A method as recited in claim 8, wherein, upon a match of the 
search key, a counter is incremented to indicate an occurrence of a 
preselected packet type. 

18. A method as recited in claim 8, wherein performing action 
includes replacing a value in a first field of the packet with a value from a 
second field of the packet. 

19. A method as recited in claim 1 8, wherein the first field is one of 
a precedence field and a priority field in an IP header, and wherein the 
second field is another of the precedence field and the priority field In the IP 
header. 

20. A method as recited in claim 8, wherein performing action 
includes setting a differentiated services value based upon a differentiated 
services field in the rules table. 

21 . A method as recited in claim 8, wherein searching the rules table 
results in a plurality of filter matches, and wherein the plurality of filter 
matches are prioritized based upon a predetermined filter priority in a filtering 
unit. 

22. A method as recited in claim 8, wherein performing action 
includes replacing an egress port field associated with the packet with an 
output port field determined from the rules table. 

23. A method as recited in claim 8, wherein performing action 
includes storing the packet in a memory buffer and then fonvarding the packet 
to a destination address. 

24. A method as recited In claim 8, further comprising the step of 
performing traffic conditioning on the packet. 

25. A method as recited in claim 24, wherein said step of performing 
traffic conditioning further comprises the steps of: 

setting information bits in a packet at a network boundary; 
classifying packets according to the information bits; and 
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oondi«oning the packets a. ,he nefcvork boundary in accordance wfth 
predetermined rules of service. 

26. A method as recited in claim 24, wherein said classifying step 
further compr^es assigning a single dWarentiated sen,ices code point to the 
packet being conditioned in accordance with predefined policies 

f.^r * '""'^ '"^Xy^ step 

further compnses fonvarding the packet based upon the differentiated 
services code point. 

fu,th»r^'' ^ '^"'"^ ^« ^'^^fying step 

agglgar'"'' °' ^"^ ''«'-™' 

i. H r ^'^"ifying step 

IS performed by a fast filtering processor. 

i. n r,'°' . C ^ ^^'^ Classifying step 

IS perfomied by using a mapping .able associated with at least one of the 
differentiated services values and class of service values. 

31. A method as recited in Claim 25, Wherein said conditioning step 
further compnses managing the temporal properties of the packet 

32. Amethodasrecitedinclaim25,whereinsaidcorditk.ningstep 
further comprises shaping the packet. 

further '^""^ """^ ""dftioning step 

further compnses dropping the packet. 

further ^^X" condiHoning step 
further compnses re-mart<ing the packet. 

35. A method as recited in claim 8, Wherein said step Of applying at 
least one mask to a field value comprises: PP^gat 

applying a predetemnined number of offsettable masks to the packet 
to generate a predetemiined number of sub-fields- and 

concatenating the sub-fields to generate a packet key 

. nr.H ?■ . * ^ "'"'^ said step of appMng 

a p,edetem„ned number o, offeetfable masks further comprises 



XXID. <WO_0056024A2_I_> 



wo 00/56024 



PCT/USOO/06942 



117 

applying four offsettable masks, each of the masks being represented 
by a field of a predetermined length; 

generating four subfields, each sub-field having a predetermined 
number of bytes; and 

concatenating the four subfields into a single field. 

37. A method as recited in claim 8, wherein said at least one 
predetermined packet field further comprises at least one of a filter select 
field, an ingress port field, an egress port field, and a packet format field. 

38. A network switch for network communications, said network switch 
comprising: 

a first data port interface, said first data port interface supporting a 
plurality of data ports for transmitting and receiving data at a first data rate; 

a second data port interface, said second data port interface 
supporting a plurality of data ports for transmitting and receiving data at a 
second data rate; 

a third data port interface for transmitting and receiving data at a third 
data rate; 

a CPU interface, said CPU interface configured to communicate with 
a CPU; 

a first internal memory, said first intemal memory communicating with 
said first data port interface, said second data port interface, and said third 
data port interface; 

a first memory management unit, said first memory management unit 
including an external memory interface for communicating data from at least 
one of said first data port interface and said second data port interface to and 
from an external memory; 

a second intemal memory, said second internal memory 
communicating with said third data port interface; 

a second memory management unit, said second memory 
management unit controlling access to and from said second Intemal 
memory; and 
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a communication channel, said communication channel for 
commun,cating data and messaging lnfom,a.ion between said first data port 
interface, said second data port Interface, said third data port interface, said 
first internal memory, and said first memory management vnit 

. ?hT """"^ -nagement unit directs data from one of 

sa,d first da a port, said second data port, and said third data port to one of 
sa,d interna, memory and said externa, memory interface according to a 
predetemilned a,gorithm. » " a 

39. A network switch as recited in claim 38, wherein said second 
memory management unit is configured to monitor the communication 
Channel and receive data packets from the communication channel wh,ch a,e 
desfined for the third data port interface from one of the firs, data port 
interface and the second data port Interfece. 

40 A network switch as recited In claim 38, wherein the network 
s««tch .nciudes an appending unit for appending a module identlficafion 

third data port Interface. 

41. A network switch as recited in claim 40. wherein the module 

ID "^T"* ""^^ ^'^""'"^ a module 

ID bm^ap Which idenSfies other network swHches to which the dam packet 

should be sent via the third data port interface. 

42. A network switch as recited In claim 40. whei«in the module 

illTT! ""^ P-^^-'y^eappending unit. nciudes mirroring 
infonnation which identmes a port on a remote network switch to which «,e 
packet should be sent. 

he.d»^' . J" ^ "^"^ "O' module 

header.Cudesdataldent«yingac,ass.f.en,lceprlontyfortheda.apacket 
header ■ . ^ '^^ ^''^ "herein the module 
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46. A network switch as recited in claim 45, wherein the plurality of 
tables include at least one of a programmable virtual LAN (VLAN) table, a 
multicast table, an IP multicast table, a trunk group bitmap table, a priority-to- 
class-of-service queue mapping table, and a port-to-class-of-service mapping 
table. 

47. A network switch as recited in claim 38, wherejn said first data 
port interface is configured to support a plurality of data ports transmitting and 
receiving data in accordance with an Ethernet standard, 

said second data port interface supports a plurality of data ports 
transmitting and receiving data in accordance with an Ethernet standard, and 

wherein said third data port interface Is a high-perfonnance interface 
for communicating with other network switches in a stacked configuration. 

48. A network switch as recited in claim 47, wherein said third data 
port interface contains a single input/output port thereupon. 

49. A network switch as recited in claim 38, wherein said first data 
port interface and said second data port interface include a packet slicing unit 
for slicing variable length packets into a plurality of equal length cells. 

50. A network switch as recited in claim 38, wherein said 
communication channel comprises three communication channels. 

51. A network switch as recited In claim 50, wherein said three 
communication channels include a first channel for communicating cell data 
between the plurality of data ports in the first data port Interface, the plurality 
of data ports In the second data port interface, the third data port Interface, 
the first and second Internal memories, and the first and second memory 
management units, said three communication channels also including a 
second channel, synchronously locked with the first channel, for 
communicating message Information corresponding to the cell data on the 
first channel, said communication channels also including a third channel, 
independent from said first and second channel, for communicating sideband 
message information. 

52. A networi( switch as recited in claim 38, wherein said first data 
port interface, second data port interface, third data port interface, CPU 



BNSOOCID- <WO O0S6ae4A2.l_> 



0«/56024 PCT/USOO/06942 

120 

interface, first internal memory, first memory management unit, second 
internal memory, second memory management unit, and said communication 
channel are integrated on a single application specific integrated circuit 
(ASIC) chip. 

53. A network switch as recited in claim 38. wherein the second 
Internal memory and the second memory management unit gre part of the 
third data port interface. 

54. A network switch as recited in claim 38. wherein said second 
memory management unit includes a scheduler, in communication with the 
second internal memory, for controlling fonvarding of packets out of the 
network switch from the second internal memory. 

55. A network switch as recited in claim 54. further comprising an 
arbiter, in communication with the scheduler, for controlling access to a 
communication line to which the data port is connected. 

56. A network switch as recited in claim 38, further comprising a 
stripping unit for stripping a module header from packets which are being 
switched out of the network switch. 

57. A network switch for switching packets from a source to a 
destination, said network switch including: 

a source port for receiving an incoming packet from a source; 

a destination port which contains a path to a destination for the packet; 

and 

a programmable counter unit for counting a number of packets of 
selected packet types which are received by the switch. 

58. A network switch as recited in claim 57, wherein said 
programmable counter unit comprises a filter unit which parses selected fields 
of an incoming packet and compares the selected field to a table to determine 
whether the incoming packet is of a selected packet type. 

59. A network switch as recited in claim 57, further comprising: 

a CPU interface for connecting the network switch to a remote CPU. 
wherein said remote CPU is used to program the programmable counter unit. 
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60. A network switch as recited in claim 57. said network switch 
further comprising: 

an internal memory for storing first selected incoming packets therein; 

a memory management unit comprising an external memory interface 
for interfacing with an external memory, said external memory interface being 
configured to send second selected incoming packets to the e5:temal memory; 
and 

a communication channel for communicating data and messaging 
information between the source port and the destination port, the internal 
memory, and the memory management unit. 

61 . A network switch as recited in claim 57. wherein the counter unit 
includes a rules table therein, said rules table being programmed to store 
rules which control packet flow of a selected packet type after a number of 
counted packets of a selected packet type exceeds a predetennlned 
threshold. 

62. A network switch as recited in claim 57, wherein said counter 
unit is configured to provide separate counts of a plurality of different types of 
incoming packets, and take different action based upon different count values 
for the different packet types. 

63. A network switch stack configuration, said configuration 
comprising: 

a first networi< switch comprising a plurality of data ports, a first 
stacking port, and a first CPU interface; 

a second network switch having a plurality of data ports, a second 
stacking port, and a second CPU interface; 

a common CPU connected to said first CPU interface and said second 
CPU interface; 

wherein the first stacking port and the second stacking port are 
communicatively connected, such that incoming packets on any of the 
plurality of data ports on the first and second switches can be effectively 
switched to any of the pluralrty of data ports on either of the first and second 
network switches. 
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64. A network switch stack configuration as recited in claim 63, 
wherein said common CPU is configured to program functions on the first and 
second network switch, and wherein the common CPU controls 
communication between the first and second network switch. 

65. A network switch stack configuration as recited in claim 63. 
wherein each of said first and second stacking ports include an arbiter 
thereupon, for allocating communication bandwidth between the first and 
second stacking port. 

66. A network switch stack configuration as recited in claim 63, 
wherein each of said first and second stacking ports includes flow control logic 
for controlling data flow to and from each of the first and second network 
switches, respectively. 

67. A network switch stack configuration as recited in claim 65, 
wherein each arbiter is configured to alternate bandwidth access by 
alternating transmission and reception of data based upon a predetermined 
algorithm. 

68. A method of switching packets in a network switch, said method 
comprising: 

receiving a data packet on a source port of a network switch; 

determining whether the network switch has sufficient memory capacity 
to process the data packet; 

if memory capacity is sufficient, reading a selected portion of the 
packet to determine if the packet is to be sent to a mirrored port; 

if mirroring is determined, sending the data packet to the mirrored port; 

determining whether the packet is to be sent to a remote CPU for 
further handling, and sending the data packet to the remote CPU if 
appropriate; 

determining whether the packet is a unicast packet, and if so, placing 
the packet on an internal communication channel within the network switch 
for appropriate storing and forwarding; 

If the packet is not a unicast packet, detemnining if the packet is a 
multicast packet; 



wo 00/56024 



PCT/USOO/06942 



123 

if the packet is determined to be a multicast packet, then perfomiing 
simultaneous lookups and switching using layer 2 lookup tables and 
addresses, and layer 3 lookup tables and addresses, thereby providing hybrid 
multicast handling of the packet. 

69. A method as recited in claim 68, wherein the simultaneous 
lookups and switching includes: 

searching an IP multicast table to determine if a destination address 
is contained in the table; 

forwarding the packet to the remote CPU if the destination address is 
not contained in the table; 

comparing a time-to-live (TTL) value to a predetermined TTL threshold 
if the destination address is known; 

sending the packet to the CPU if the time-to-live value is below the 
predetermined TTL threshold; 

obtaining a layer 3 port bitmap is from the IP multicast table if the time- 
to-live value is not below the predetermined TTL threshold; 

switching the packet to the destination ports if ports on the layer 3 port 
bitmap are considered active ports for the network switch ; 

simultaneously with the searching of the IP multicast table, the method 
includes examining port filtering bits of the module header to determine 
whether a first predetermined port filtering value is present; 

forwarding the packet to a selected group of ports on the switch if the 
first predetermined port filtering value is present; 

searching a multicast table using a destination key if the first 
predetermined filtering value is not present; 

obtaining a port bitmap from the multicast table if searching the 
multicast table results in a match, then forwarding the data packet to ports 
obtained from the port bitmap; 

if there is no match, the port filtering bits are examined to see if a 
second predetermined port filtering value is present; 

if the second predetermined port filtering value is present, the packet 
is dropped; and 
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if the second predetermined port filtering value is not present, then a 
destination port bitmap is obtained from a VLAN table, and the data packet 
is fonwarded to ports identified in the destination port bitmap. 

70. A method as recited in claim 69, wherein said destination key 
is formed by combining a destination address and a destination VLAN 
identification value from a field in the packet. 

71 . A method for searching a table in a network switch, comprising 
the steps of: 

dividing a primary lookup table Into a first sub table and a second sub- 
table; 

searching said first sub-table with a first search engine; and 
simultaneously searching said second sub-table with a second search 
engine. 

72. The method for searching a table in a network switch as recited 
in claim 71, wherein said step of dividing said primary lookup table further 
comprises the steps of: 

storing even numbered memory address locations from said primary 
lookup table into said first sub-table; and 

storing odd numbered memory address locations from said primary 
lookup table into said second sub-table. 

73. The method for searching a table in a network switch as recited 
in claim 72, wherein said step of storing said even numbered memory address 
locations Into said first sub-table further comprises storing said even 
numbered memory address locations Into said first sub-table in sorted order. 

74. The method for search a table in a network switch as recited in 
claim 72, wherein said step of storing said odd numbered memory address 
locations Into said second sub-table further comprises storing said odd 
numbered memory address locations into said second sub-table in sorted 
order. 

75. ^ffie method for searching a table in a networic switch as recited 
in claim 73, wherein said step of storing said even numbered memory address 
locations into said first sub-table in sorted order further comprises storing said 
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even numbered memory address locations into said first sub-table in 
ascending numerical order. 

76. The method for searching a table in a network switch as recited 
.n claim 73. wherein said step of storing said even numbered memory address 
locations into said f.rst-sub-table in sorted order further comprises storing said 
even numbered memory address locations into said, first-sub-table in 
descending numerical order. 

77. The method for searching a table in a network switch as recited 
m cla.m 74. wherein said step of storing said odd numbered memory address 
locations into said second sub-table in sorted order further comprises storing 
said odd numbered memory address locations into said second sub-table In 
ascending numerical order. 

78. The method for searching a table in a network switch as recited 
.n claim 74. wherein said step of storing said odd numbered memory address 
locations into said second sub-table in sorted order further comprises storing 
said odd numbered memory address locations into said second sub-table in 
descending numerical order. 

79. The method for searching a table In a network switch as recited 
in claim 71. wherein said step of searching said first sub-table with a first 
search engine further comprises the steps of: 

comparing a desired entry to a stored entry located at a selected 
memory address location within said first sub-table; 

determining a hit if said stored entry located at said selected memory 
address location is equal to said desired entry; 

decrementing said selected memory address location to the next 
selected memory address location to be compared to said desired entry if said 
stored entry is greater than said desired entry being compared thereto; 

incrementing said selected memory address location to the next 
selected memory address location to be compared to said desired entry if said 
stored entry is less than said desired entry being compared thereto; and 

continuing the steps of comparing said desired entry to said stored 
entry, detemiining a hit if said stored entry is equal to said desired entry and 
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further comprises comparing a desired source MAC address of a data packet 
to said stored entry. 

83. The method for searching a table in a network switch as recited 
in claim 7, wherein said step of comparing a desired entry to a stored entry 
further comprises comparing a desired destination MAC address of a data 
packet to said stored entry. 

84. The method for searching a table in a network switch as recited 
in claim 80, wherein said step of comparing a desired entry to a stored entry 
further comprises comparing a desired destination MAC address of a data 
packet to said stored entry. 

85. The method for searching a table in a network switch as recited 
in claim 71, wherein said steps of searching said first sub-table with a first 
search engine, and simultaneously searching said second sub-table with said 
second search engine, further comprises searching each of said tables using 
a binary lockstep-type search operation. 

86. A method for searching a primary address table within a network 
switch, comprising the steps of: 

dividing said primary address table into a first and second address sub- 
tables; 

storing even numbered memory address locations from said primary 
address table within said first address sub-table in sorted order; 

storing odd numbered memory address locations from said primary 
address table within said second address sub-table in sorted order; 

searching said first address sub-table with a first search engine; and 

simultaneously searching said second address sub-table with a second 
search engine. 

87. The method for a network switch as recited in claim 86wherein 
said step of searching said first address sub-table with a first search engine 
further comprises the steps of: 

comparing a desired address to an address entry stored in a selected 
memory address location within said first address sub-table; 
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determining a liit if said address entry stored in said selected memory 
address location is equal to said desired address; 

decrementing said selected memory address location to a next 
selected memory address location to be compared to said desired address, 
if said address entry stored in said selected memory address location is 
greater than said desired address being compared thereto- 

incrementing said selected memory address location to said next 
selected memory address location to be compared to said desired address, 
if said address entry stored In said selected memory address location is less 
than said desired address being compared thereto; and 

continuing the steps of comparing said desired address to said address 
entry stored in said selected memory address location, determining a hit if 
said address entry in said selected memory address location is equal to said 
desired address, and incrementing or decrementing said selected memory 
address location to achieve said next selected memory address location to be 
compared, until a hit is determined for said desired address, or if a hit is not 
detemnined for said desired address, then comparing a final address entry 
stored in a final selected memory address location within said second address 
sub-table to said desired address. 

88. The method for searching a primary address table within a 
network switch as recited within claim 86. wherein said step of simultaneously 
searching said second address sub-table with a second search engine further 
comprises the steps of: 

comparing a desired address to an address entry stored in a selected 
memory address location within said second address sub-table; 

determining a hit If said address entry stored in said selected memory 
address location is equal to said desired address; 

decrementing said selected memory address location to the next 
selected memory address location to be compared to said desired address, 
if said address entry stored in said selected memory address location is 
greater than said desired address being compared thereto: 
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incrementing said selected memory address location to the next 
selected memory address location to be compared to said desired address, 
if said address entry stored in said selected memory address location is less 
than said desired address being compared thereto; and 

continuing the steps of comparing said desired address to said address 
entry stored in said selected memory address location, detemiining a hit If 
said address entry stored in said selected memory address location is equal 
to said desired address, and incrementing or decrementing said selected 
memory address location to achieve said next selected memory address 
location to be compared, until a hit is determined for said desired address, or 
if a hit is not determined for said desired address, then comparing a final 
address entry to a final selected memory address location within said first 
address sub-table to aid desired address. 

89. The method for searching a primary address table within a 
network switch as recited within claim 86, wherein said step of searching said 
first address sub-table with a first search engine further comprises using a 
binary lockstep-type search operation. 

90. The method for searching a primary address table within a 
network switch as recited within claim 86, wherein said step of simultaneously 
searching said second address sub-table with a second search engine further 
comprises using a binary lockstep-type search operation. 

91. The method for searching a primary address table within a 
network switch as recited within claim 89, wherein said step of using a binary 
lockstep-type search operation further comprises executing each individual 
step of said binary lockstep-type search operation in conjunction with a clock 
cycle, 

92. The method for searching a primary address table within a 
network switch as recited within claim 90, wherein said step of using a binary 
lockstep-type search operation further comprises executing each individual 
step of said binary lockstep-type search operation in conjunction with a clock 
cycle. 
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93. A network switch for network communications, said network 
switch comprising: 

a primary lookup table, said primary lookup table being divided into a 
first lookup sub-table and a second lookup sub-table, each of said first and 
second lookup sub-tables having a plurality of memory address locations 
therein for storing entries; 

a first search engine, said first search engine communicating with said 
first and second lookup sub-tables; and 

a second search engine, said second search engine communicating 
with said first and second lookup sub-tables, 

wherein said first search engine is configured to search said first 
lookup sub-table for a first desired entry, and if said first desired entry is not 
found within said first lookup sub-table, then said first search engine is 
configured to search within said second lookup table, and wherein said 
second search engine is configured to search said second lookup sub-table 
for a second desired entry, and if said second desired entry is not found within 
said second lookup sub-table, then said second search engine is configured 
to search within said first lookup sub-table. 

94 . A network switch for network communications as recited in claim 
93, wherein said plurality of memory address locations within said first lookup 
sub-table further comprises even memory address locations from said primary 
lookup table. 

95. A network switch for network communications as recited in claim 
93. wherein said plurality of memory address locations within said second 
lookup sub-table further comprises odd memory address locations from said 
primary lookup table. 

96. A network switch for network communications as recited in claim 
93. wherein said entries stored within said first and second lookup sub-tables 
further comprises source and destination addresses of data packets traveling 
through said network switch. 

97. A network switch for network communications as recited in claim 
93. wherein said entries stored within said first and second lookup sub-tables 
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further comprises MAC addresses of data packets traveling through said 
network switch. 

98. A network switch for network communications as recited in claim 
93, wherein said network switch further comprises: 

at least one data port interface, said at least one data port interface 
operating to receive and transmit data packets; 

a CPU interface, said CPU interface being configured to communicate 
with a CPU; 

at least one memory stmcture, said at least one memory structure 
communicating with said at least one data port interface; and 

a communication channel, said communication channel being 
configured to transmit data and messaging information between said at least 
one data port interface, said CPU interface, and said at least one memory 
structure. 

99. A network switch for network communications comprising: 

at least one data port interface operating to transmit data packets 
through said network switch, said at least one data port interface having at 
least one address lookup table and at least one address search engine 
positioned therein, said at least one search engine being in communication 
with said at least one address lookup table; 

a CPU interface, said CPU interface being configured to communicate 
with a CPU; 

at least one memory structure, said at least one memory structure 
communicating with said at least one data port interface; and 

a communication channel, said communication channel being 
configured to transmit data and messaging infonnation between said at least 
one data port interface, said CPU interface, and said at least one memory 
structure. 

1 00. A network switch for network communications as recited in claim 
99, wherein said at least one address lookup table further comprises a first 
address lookup table and a second address lookup table. 
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101. A network switch for network communications as recited in claim 
100, wherein said first address lookup table includes even memory address 
locations in sorted order. 

1 02. A network switch for network communications as recited in claim 
1 00, wherein said second address lookup table includes odd memory address 
locations in sorted order. 

1 03. A network switch for network communications as recited in claim 
100, wherein said at least one address search engine further comprises: 

a first address search engine in communication with said first address 
lookup table and said second address lookup table; and 

a second address search engine in communication with said second 
address lookup table and said first address lookup table. 

1 04. A network switch for network communications as recited in claim 
1 03, wherein said first address search engine is configured to search said first 
address lookup table for a desired address, and if said desired address is not 
found within said first address lookup table, then said first search engine 
executes a search with said second address lookup table. 

1 05. A network switch for network communications as recited in claim 
103, wherein said second address search engine is configured to search said 
second address lookup table for a desired address, and if said desired 
address is not found within said second address lookup table, then said 
second search engine executes a search with said first address lookup table. 

1 06. A network switch for network communications as recited in claim 
103, wherein said first address search engine is further configured to: 

compare a desired address to an address entry stored in a selected 
memory address location within said first address lookup table; 

determine a hit if said address entry stored in said selected memory 
address location is equal to said desired address; 

decrement said selected memory address location to a next selected 
memory address location to be compared to said desired address if said 
address entry stored in said selected memory address location is greater than 
said desired address being compared thereto; 
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decrement said selected memory address location to a next selected 
memory address locafon to be compared to said desired add^s T^, 
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compared, until a hit is determined for said desired address, or if a hit is not 
Lem^ined for said desired address, then comparing a f,na. address entry 
stored in a final selected memory address location within said first address 
lool<up table to said desired address. 

108 Anetworkswitohfornetworkcommunioationsasrecned .n daim 
106 whereinsaiddesiredaddressrepresentsasource or destination address 

of a data packet traveling through said netwo* switch. 

109 Anetworkswitchfornetworkcommunicationsasrecited in claim 
107,whereinsaid desired address representsasource or destination address 

of a data packet traveling through said network switch. 

110 Anetworkswitchfornetworkcommunicationsasrecited .n claim 

106, wherein said address entry represents stored MAC addresses^ 

1 1 1 A network switch for network communications as recited in claim 
107 wherein said address entry represents stored MAC addresses. 
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